Go to ICLR 2026 Conference homepageEnhancing Adversarial Transferability via Component-Wise Transformation
Keywords: Adversarial Transferability, Untargeted Attack, Input transformation-based attacks
TL;DR: The paper proposes CWT, a method that enhances adversarial transferability by applying block-wise interpolation and selective rotation to diversify model attention, achieving state-of-the-art attack success rates across diverse architectures.
Abstract: Deep Neural Networks (DNNs) are highly vulnerable to adversarial examples, which pose significant challenges in security-sensitive applications. Among various adversarial attack strategies, input transformation-based attacks have demonstrated remarkable effectiveness in enhancing adversarial transferability. However, current methods struggle with cross-architecture transferability, even when performing well within the same architecture. This limitation arises because, while models of the same architecture may focus on different regions of the object, the variation is even more pronounced across different architectures. Unfortunately, current approaches fail to effectively guide models to attend to these diverse regions. To address this issue, this paper proposes a novel input transformation-based attack method, termed Component-Wise Transformation (CWT). CWT applies interpolation and selective rotation to individual image blocks, ensuring that each transformed image highlights different target regions. Extensive experiments on the standard ImageNet and COCO datasets demonstrate that CWT consistently outperforms state-of-the-art methods across both CNN- and Transformer-based models.
Supplementary Material: zip
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 7092
Loading