On the Adversarial Transferability of ConvMixer Models

Ryota Iijima; Miki Tanaka; Isao Echizen; and Hitoshi Kiya

arXiv:2209.08724·cs.LG·September 20, 2022

On the Adversarial Transferability of ConvMixer Models

Ryota Iijima, Miki Tanaka, Isao Echizen, and Hitoshi Kiya

PDF

Open Access

TL;DR

This paper investigates how adversarial examples transfer between ConvMixer models and other neural networks, revealing that ConvMixer models are vulnerable to transfer attacks, which has implications for their robustness in image classification.

Contribution

First study to analyze adversarial transferability involving ConvMixer models using a benchmark attack method, highlighting their vulnerability.

Findings

01

ConvMixer models are weak to adversarial transferability

02

AutoAttack effectively evaluates model robustness

03

Transferability poses security concerns for ConvMixer networks

Abstract

Deep neural networks (DNNs) are well known to be vulnerable to adversarial examples (AEs). In addition, AEs have adversarial transferability, which means AEs generated for a source model can fool another black-box model (target model) with a non-trivial probability. In this paper, we investigate the property of adversarial transferability between models including ConvMixer, which is an isotropic network, for the first time. To objectively verify the property of transferability, the robustness of models is evaluated by using a benchmark attack method called AutoAttack. In an image classification experiment, ConvMixer is confirmed to be weak to adversarial transferability.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications