LGV: Boosting Adversarial Example Transferability from Large Geometric Vicinity. (arXiv:2207.13129v1 [cs.LG])

We propose transferability from Large Geometric Vicinity (LGV), a new
technique to increase the transferability of black-box adversarial attacks. LGV
starts from a pretrained surrogate model and collects multiple weight sets from
a few additional training epochs with a constant and high learning rate. LGV
exploits two geometric properties that we relate to transferability. First,
models that belong to a wider weight optimum are better surrogates. Second, we
identify a subspace able to generate an effective surrogate ensemble among this …

arxiv boosting example lg