Watertox: The Art of Simplicity in Universal Attacks A Cross-Model Framework for Robust Adversarial Generation

TL;DR

Watertox is a simple yet effective universal adversarial attack framework that combines architectural diversity and precise perturbations to achieve high transferability and robustness across multiple models.

Contribution

It introduces a novel two-stage attack method using an ensemble of architectures and a voting mechanism for improved transferability and effectiveness.

Findings

Reduces model accuracy from 70.6% to 16.0% on targeted models.

Achieves up to 98.8% accuracy reduction on unseen architectures.

Outperforms state-of-the-art adversarial attack methods.

Abstract

Contemporary adversarial attack methods face significant limitations in cross-model transferability and practical applicability. We present Watertox, an elegant adversarial attack framework achieving remarkable effectiveness through architectural diversity and precision-controlled perturbations. Our two-stage Fast Gradient Sign Method combines uniform baseline perturbations ($\epsilon_1 = 0.1$) with targeted enhancements ($\epsilon_2 = 0.4$). The framework leverages an ensemble of complementary architectures, from VGG to ConvNeXt, synthesizing diverse perspectives through an innovative voting mechanism. Against state-of-the-art architectures, Watertox reduces model accuracy from 70.6% to 16.0%, with zero-shot attacks achieving up to 98.8% accuracy reduction against unseen architectures. These results establish Watertox as a significant advancement in adversarial methodologies, with promising applications in visual security systems and CAPTCHA generation.