Strong Transferable Adversarial Attacks via Ensembled Asymptotically Normal Distribution Learning

arXiv:2209.11964v2 Announce Type: replace
Abstract: Strong adversarial examples are crucial for evaluating and enhancing the robustness of deep neural networks. However, the performance of popular attacks is usually sensitive, for instance, to minor image transformations, stemming from limited information -- typically only one input example, a handful of white-box source models, and undefined defense strategies. Hence, the crafted adversarial examples are prone to overfit the source model, which hampers their transferability to unknown architectures. In this paper, we propose an …

abstract adversarial adversarial attacks adversarial examples arxiv attacks box cs.cv cs.lg distribution example examples however image information instance networks neural networks normal performance popular robustness stemming type via