We are not able to resolve this OAI Identifier to the repository landing page. If you are the repository manager for this record, please head to the Dashboard and adjust the settings.
Transferability captures the ability of an attack against a
machine-learning model to be effective against a different,
potentially unknown, model. Empirical evidence for transferability has been shown in previous work, but the underlying
reasons why an attack transfers or not are not yet well understood. In this paper, we present a comprehensive analysis
aimed to investigate the transferability of both test-time evasion and training-time poisoning attacks. We provide a unifying optimization framework for evasion and poisoning attacks, and a formal definition of transferability of such attacks. We
highlight two main factors contributing to attack transferability: the intrinsic adversarial vulnerability of the target model,
and the complexity of the surrogate model used to optimize
the attack. Based on these insights, we define three metrics
that impact an attack’s transferability. Interestingly, our results
derived from theoretical analysis hold for both evasion and
poisoning attacks, and are confirmed experimentally using a
wide range of linear and non-linear classifiers and datasets
Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.