Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Consensus-Robust Transfer Attacks via Parameter and Representation Perturbations
Authors: Shixin Li, Zewei Li, Xiaojing Ma, Xiaofan Bai, Pingyi Hu, Dongmei Zhang, Bin Zhu
NeurIPS 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on CIFAR-100 and Image Net show that CORTA significantly outperforms state-of-the-art transfer-based methods including ensemble approaches across CNN and Vision Transformer targets. |
| Researcher Affiliation | Collaboration | 1Huazhong University of Science and Technology 2Microsoft Corporation 1EMAIL 2EMAIL |
| Pseudocode | No | The paper describes the CORTA (COnsensus Robust Transfer Attack) method and its optimization objective in Section 4.1, and the adversarial example generation process in Section 4.3, including Equation 12 for the update rule. However, it does not present a formal pseudocode block or an algorithm section. |
| Open Source Code | No | Our code will be released when the paper is published. |
| Open Datasets | Yes | Datasets. We follow [16] and evaluate on two benchmarks: an Image Net-compatible dataset2 and CIFAR-100 [33]. All reported results are averaged over the entire Image Net-compatible dataset and the full CIFAR-100 test set. 2https://github.com/cleverhans-lab/cleverhans/tree/master/cleverhans_v3.1.0/ examples/nips17_adversarial_competition/dataset |
| Dataset Splits | Yes | All reported results are averaged over the entire Image Net-compatible dataset and the full CIFAR-100 test set. |
| Hardware Specification | Yes | All experiments are implemented in Py Torch and conducted on two NVIDIA RTX 3090 GPUs. |
| Software Dependencies | No | All experiments are implemented in Py Torch and conducted on two NVIDIA RTX 3090 GPUs. |
| Experiment Setup | Yes | Implementation Details. All attacks are untargeted and evaluated under an L bound of ϵ = 16/255 for T = 100 iterations with a step size of α = 1.6/255. The regularization weight is set to β = 0.1, chosen to balance the magnitudes of the two loss terms in Eq. 10 on the surrogate model. The blending probability is set to pb = 0.5 based on surrogate optimization performance, and the blending proportion λ is sampled from U[0.25, 1] to ensure sufficient feature mixing without reducing generation success. Stochastic feature blending is applied to all layers for CNN surrogates and to all linear layers for Vi T surrogates. I-FGSM is used as the default method for generating adversarial examples. |