On Success and Simplicity: A Second Look at Transferable Targeted Attacks

Published: 21 Jun 2021, Last Modified: 22 Oct 2023
ICML 2021 Workshop AML Poster
Readers: Everyone
Keywords: Adversarial attacks, targeted transferability, meaningful evaluation, realistic settings
TL;DR: We demonstrate that surprisingly simple attacks can achieve competitive targeted transferability with the state-of-the-art resource-intensive approaches.
Abstract: Achieving transferability of targeted attacks is reputed to be remarkably difficult, and state-of-the-art approaches are resource-intensive due to training target-specific model(s) with additional data. In our work, we find, however, that simple transferable attacks which require neither additional data nor model training can achieve surprisingly high targeted transferability. This insight has been overlooked mainly due to the widespread practice of unreasonably restricting attack optimization to few iterations. In particular, we, for the first time, identify the state-of-the-art performance of a simple logit loss. Our investigation is conducted in a wide range of transfer settings, especially including three new, realistic settings: ensemble transfer with little model similarity, transfer to low-ranked target classes, and transfer to the real-world Google Cloud Vision API. Results in these new settings demonstrate that the commonly adopted, easy settings cannot fully reveal the actual properties of different attacks and may cause misleading comparisons. Overall, the aim of our analysis is to inspire a more meaningful evaluation on targeted transferability.
Community Implementations: [1 code implementation](https://www.catalyzex.com/paper/arxiv:2012.11207/code)