The adversarial vulnerability of deep neural networks (DNNs) has drawn great attention due to the security risk of applying these models in real-world applications. Based on the transferability of adversarial examples, an increasing number of transfer-based methods have been developed to fool black-box DNN models whose architecture and parameters are inaccessible. Although tremendous effort has been exerted, there is still no standardized benchmark that can be used to compare these methods systematically, fairly, and practically. Our investigation shows that the evaluation of some methods needs to be more reasonable and more thorough to verify their effectiveness, to avoid, for example, unfair comparison and insufficient consideration of possible substitute/victim models. Therefore, we establish a transfer-based attack benchmark (TA-Bench) which implements 30+ methods. In this paper, we evaluate and compare them comprehensively on 10 popular substitute/victim models on ImageNet. New insights about the effectiveness of these methods are gained and guidelines for future evaluations are provided.
Author Information
Qizhang Li (Harbin Institute of Technology)
Yiwen Guo (Unaffiliated)
Wangmeng Zuo (Harbin Institute of Technology)
Hao Chen (UC Davis)
More from the Same Authors
- 2021 Spotlight: Robust and Fully-Dynamic Coreset for Continuous-and-Bounded Learning (With Outliers) Problems
  Zixiu Wang · Yiwen Guo · Hu Ding
- 2022 Poster: When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture
  Yichuan Mo · Dongxian Wu · Yifei Wang · Yiwen Guo · Yisen Wang
- 2023 Poster: Adversarial Examples Are Not Real Features
  Ang Li · Yifei Wang · Yiwen Guo · Yisen Wang
- 2023 Poster: Improving Adversarial Transferability via Intermediate-level Perturbation Decay
  Qizhang Li · Yiwen Guo · Wangmeng Zuo · Hao Chen
- 2022 Spotlight: Lightning Talks 6A-2
  Yichuan Mo · Botao Yu · Gang Li · Zezhong Xu · Haoran Wei · Arsene Fansi Tchango · Raef Bassily · Haoyu Lu · Qi Zhang · Songming Liu · Mingyu Ding · Peiling Lu · Yifei Wang · Xiang Li · Dongxian Wu · Ping Guo · Wen Zhang · Hao Zhongkai · Mehryar Mohri · Rishab Goel · Yisen Wang · Yifei Wang · Yangguang Zhu · Zhi Wen · Ananda Theertha Suresh · Chengyang Ying · Yujie Wang · Peng Ye · Rui Wang · Nanyi Fei · Hui Chen · Yiwen Guo · Wei Hu · Chenglong Liu · Julien Martel · Yuqi Huo · Wu Yichao · Hang Su · Yisen Wang · Peng Wang · Huajun Chen · Xu Tan · Jun Zhu · Ding Liang · Zhiwu Lu · Joumana Ghosn · Shanshan Zhang · Wei Ye · Ze Cheng · Shikun Zhang · Tao Qin · Tie-Yan Liu
- 2022 Spotlight: When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture
  Yichuan Mo · Dongxian Wu · Yifei Wang · Yiwen Guo · Yisen Wang
- 2021 Poster: Robust and Fully-Dynamic Coreset for Continuous-and-Bounded Learning (With Outliers) Problems
  Zixiu Wang · Yiwen Guo · Hu Ding
- 2020 Poster: Backpropagating Linearly Improves Transferability of Adversarial Examples
  Yiwen Guo · Qizhang Li · Hao Chen
- 2020 Poster: Practical No-box Adversarial Attacks against DNNs
  Qizhang Li · Yiwen Guo · Hao Chen
- 2020 Poster: Cross-Scale Internal Graph Neural Network for Image Super-Resolution
  Shangchen Zhou · Jiawei Zhang · Wangmeng Zuo · Chen Change Loy
- 2019 Poster: DATA: Differentiable ArchiTecture Approximation
  Jianlong Chang · Xinbang Zhang · Yiwen Guo · Gaofeng Meng · Shiming Xiang · Chunhong Pan
- 2019 Poster: Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks
  Yiwen Guo · Ziang Yan · Changshui Zhang
- 2018 Poster: Global Gated Mixture of Second-order Pooling for Improving Deep Convolutional Neural Networks
  Qilong Wang · Zilin Gao · Jiangtao Xie · Wangmeng Zuo · Peihua Li