Advancements in Adversarial Example Transferability and Model Robustness

Recent work in adversarial machine learning has concentrated on two fronts: generating adversarial examples that transfer from the surrogate model on which they were crafted to unseen target models, and measuring how models hold up under real-world tampering. A recurring theme is targeted transferability, where the adversarial example must be classified as a chosen wrong class rather than merely misclassified; targeted attacks have traditionally transferred far less reliably than untargeted ones, so several of the papers below refine existing machinery (the integration path of integrated gradients, averaging along the fine-tuning trajectory, joint local and global perturbation, feature alignment between surrogate and witness models, semantic guidance from an additional image) to close that gap. Attention is also moving to multimodal systems: adversarial videos transferred from image-based models to video-based MLLMs, and benchmarks such as MVTamperBench that score vision-language models against tampered video. One entry uses "transfer" in a different sense, applying iterative transfer learning to thermal-emission side-channel analysis where labelled traces are scarce. For defenders, transferability is the property that makes black-box attacks practical: the attacker never needs the deployed model's weights or gradients, so robustness claims that were validated only against white-box attacks on the model itself are incomplete.

Noteworthy papers include:

  • Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path: Introduces MuMoDIG, an attack that improves transferability by changing the path along which integrated gradients are accumulated, rather than the attribution itself.
  • MVTamperBench: Evaluating Robustness of Vision-Language Models: Presents a comprehensive benchmark for assessing the resilience of VLMs to video tampering, highlighting the variability in model robustness and facilitating advancements in tamper-resilient VLMs.
  • Two Heads Are Better Than One: Averaging along Fine-Tuning to Improve Targeted Transferability: Proposes a method that leverages the fine-tuning trajectory to improve the targeted transferability of adversarial examples, outperforming existing fine-tuning schemes.
  • Improving Location-based Thermal Emission Side-Channel Analysis Using Iterative Transfer Learning: Demonstrates the effectiveness of iterative transfer learning in enhancing the performance of side-channel attacks, particularly in scenarios with limited data.
  • Everywhere Attack: Attacking Locally and Globally to Boost Targeted Transferability: Introduces an everywhere attack scheme that significantly improves the targeted transferability of adversarial examples by attacking both globally and locally.
  • Boosting Adversarial Transferability with Spatial Adversarial Alignment: Proposes Spatial Adversarial Alignment, a technique that enhances the transferability of adversarial examples by aligning the features of surrogate and witness models.
  • Image-based Multimodal Models as Intruders: Transferable Multimodal Attacks on Video-based MLLMs: First study of whether adversarial video samples crafted on image-based multimodal models transfer to video-based MLLMs (V-MLLMs); introduces the I2V-MLLM attack.
  • AIM: Additional Image Guided Generation of Transferable Adversarial Attacks: Introduces a Semantic Injection Module to enhance the transferability of adversarial examples by incorporating target semantics from a guiding image.
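The evaluation loop every transferability paper in this list reports, reduced to a runnable toy. This is an added example written for this digest, not code from any of the papers above: it crafts targeted L-inf PGD examples against a white-box linear surrogate, replays them against a separately trained MLP target that only exposes predictions, and reports untargeted versus targeted success on both. The papers' own methods (integration-path refinement, fine-tuning-trajectory averaging, everywhere attack, spatial alignment, semantic injection) are not implemented; plain PGD stands in for them. The Gaussian-blob data, both models, the seeds and the (deliberately generous) epsilon are all constructed here so it runs offline with only numpy.

```python
# Added toy example for this digest, not code from any of the listed papers.
# Surrogate, target and data are all constructed here; only numpy is needed.
import numpy as np


def make_data(n, d=8, k=3, noise=0.5, seed=0):
    """Constructed data: class c is shifted by +2 along feature c, the rest is noise."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, k, size=n)
    x = rng.normal(0.0, noise, size=(n, d))
    x[np.arange(n), y] += 2.0
    return x, y


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


class LinearSurrogate:
    """Softmax regression; the attacker has white-box access to its input gradients."""

    def __init__(self, d, k, seed=1):
        rng = np.random.default_rng(seed)
        self.w, self.b = rng.normal(0.0, 0.01, (d, k)), np.zeros(k)

    def probs(self, x):
        return softmax(x @ self.w + self.b)

    def fit(self, x, y, epochs=200, lr=0.1):
        for _ in range(epochs):
            g = self.probs(x)
            g[np.arange(len(y)), y] -= 1.0          # dCE/dlogits
            self.w -= lr * x.T @ g / len(y)
            self.b -= lr * g.mean(axis=0)

    def input_grad(self, x, y):
        """d CE(model(x), y) / dx: the only thing PGD needs from the surrogate."""
        g = self.probs(x)
        g[np.arange(len(y)), y] -= 1.0
        return g @ self.w.T


class MLPTarget:
    """One-hidden-layer ReLU net; the attacker only ever calls probs() on it."""

    def __init__(self, d, h, k, seed=2):
        rng = np.random.default_rng(seed)
        self.w1, self.b1 = rng.normal(0.0, 0.1, (d, h)), np.zeros(h)
        self.w2, self.b2 = rng.normal(0.0, 0.1, (h, k)), np.zeros(k)

    def probs(self, x):
        return softmax(np.maximum(x @ self.w1 + self.b1, 0.0) @ self.w2 + self.b2)

    def fit(self, x, y, epochs=500, lr=0.2):
        for _ in range(epochs):
            pre = x @ self.w1 + self.b1
            hidden = np.maximum(pre, 0.0)
            g = softmax(hidden @ self.w2 + self.b2)
            g[np.arange(len(y)), y] -= 1.0
            g /= len(y)
            gh = (g @ self.w2.T) * (pre > 0)        # backprop through the ReLU
            self.w2 -= lr * hidden.T @ g
            self.b2 -= lr * g.sum(axis=0)
            self.w1 -= lr * x.T @ gh
            self.b1 -= lr * gh.sum(axis=0)


def targeted_pgd(model, x, y_target, eps=2.0, alpha=0.2, steps=20):
    """L-inf PGD that minimises the surrogate's loss for the chosen target class."""
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv - alpha * np.sign(model.input_grad(x_adv, y_target))
        x_adv = np.clip(x_adv, x - eps, x + eps)   # project back into the eps-ball
    return x_adv


def success_rates(model, x, y, x_adv, y_target):
    """(untargeted, targeted) success, counted only on samples the model got right when clean."""
    clean_ok = model.probs(x).argmax(axis=1) == y
    if not clean_ok.any():
        return 0.0, 0.0
    pred = model.probs(x_adv).argmax(axis=1)[clean_ok]
    return float(np.mean(pred != y[clean_ok])), float(np.mean(pred == y_target[clean_ok]))


def run_experiment(eps=2.0, d=8, k=3):
    surrogate = LinearSurrogate(d, k)
    surrogate.fit(*make_data(600, d=d, k=k, seed=10))
    target = MLPTarget(d, 16, k)
    target.fit(*make_data(600, d=d, k=k, seed=20))   # other data, other model family
    x, y = make_data(200, d=d, k=k, seed=30)
    y_target = (y + 1) % k                           # always a wrong label
    x_adv = targeted_pgd(surrogate, x, y_target, eps=eps)
    s_un, s_t = success_rates(surrogate, x, y, x_adv, y_target)
    t_un, t_t = success_rates(target, x, y, x_adv, y_target)
    return {"linf": float(np.abs(x_adv - x).max()),
            "target_clean_acc": float(np.mean(target.probs(x).argmax(axis=1) == y)),
            "surrogate_untargeted": s_un, "surrogate_targeted": s_t,
            "target_untargeted": t_un, "target_targeted": t_t}


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:>22}: {value:.3f}")
```

Two things worth checking in the output. Targeted success can never exceed untargeted success on the same model, because the target label is always a wrong label; the gap between the two on the black-box target is the quantity the papers above are trying to shrink. And the success rates are computed only over samples the model classified correctly when clean, otherwise an already-misclassified input inflates the attack's apparent power. On this toy the decision boundaries are nearly linear, so both rates stay high; the collapse of targeted transfer on deep image models is what motivates the listed methods.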

Sources

Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path

MVTamperBench: Evaluating Robustness of Vision-Language Models

Two Heads Are Better Than One: Averaging along Fine-Tuning to Improve Targeted Transferability

Improving Location-based Thermal Emission Side-Channel Analysis Using Iterative Transfer Learning

Everywhere Attack: Attacking Locally and Globally to Boost Targeted Transferability

Boosting Adversarial Transferability with Spatial Adversarial Alignment

Image-based Multimodal Models as Intruders: Transferable Multimodal Attacks on Video-based MLLMs

AIM: Additional Image Guided Generation of Transferable Adversarial Attacks
