Attack-Centric Approach for Evaluating Transferability of Adversarial Samples in Machine Learning Models

TL;DR

This paper investigates the transferability of adversarial samples in machine learning by analyzing how attack methods influence their transferability across models, providing insights for building more robust systems.

Contribution

It introduces an attack-centric approach to understand transferability, identifying four key factors affecting adversarial sample transferability.

Findings

Four factors influence transferability of adversarial samples.

Generated adversarial samples transfer across different models.

Insights aid in designing more robust machine learning systems.

Abstract

Transferability of adversarial samples became a serious concern due to their impact on the reliability of machine learning system deployments, as they find their way into many critical applications. Knowing factors that influence transferability of adversarial samples can assist experts to make informed decisions on how to build robust and reliable machine learning systems. The goal of this study is to provide insights on the mechanisms behind the transferability of adversarial samples through an attack-centric approach. This attack-centric perspective interprets how adversarial samples would transfer by assessing the impact of machine learning attacks (that generated them) on a given input dataset. To achieve this goal, we generated adversarial samples using attacker models and transferred these samples to victim models. We analyzed the behavior of adversarial samples on victim models and outlined four factors that can influence the transferability of adversarial samples. Although these factors are not necessarily exhaustive, they provide useful insights to researchers and practitioners of machine learning systems.