Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Enhancing Adversarial Transferability with Adversarial Weight Tuning
Authors: Jiahao Chen, Zhou Feng, Rui Zeng, Yuwen Pu, Chunyi Zhou, Yi Jiang, Yuyou Gan, Jinbao Li, Shouling Ji
AAAI 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on a variety of models with different architectures on Image Net demonstrate that AWT yields superior performance over other attacks, with an average increase of nearly 5% and 10% attack success rates on CNN-based and Transformer-based models, respectively, compared to state-of-the-art attacks. |
| Researcher Affiliation | Academia | 1 College of Computer Science and Technology, Zhejiang University 2 Shandong Artificial Intelligence Institute 3 School of Mathematics and Statistics, Qilu University of Technology |
| Pseudocode | Yes | Algorithm 1: Adversarial Weight Tuning (AWT) attack |
| Open Source Code | No | The paper does not provide an explicit statement about releasing source code or a link to a repository for the methodology described. |
| Open Datasets | Yes | Evaluation is conducted on the Image Net-compatible dataset, which is widely utilized in prior work (Qin et al. 2022; Ge et al. 2023; Qiu et al. 2024). |
| Dataset Splits | No | The paper mentions using an "Image Net-compatible dataset... comprises 1,000 images", but it does not specify how these 1,000 images were split into training, validation, or test sets for the experiments. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory amounts, or detailed computer specifications) used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific software details with version numbers (e.g., library names with versions like Python 3.8, PyTorch 1.9) needed to replicate the experiment. |
| Experiment Setup | Yes | Following the previous work (Ge et al. 2023; Qin et al. 2022; Qiu et al. 2024), we set the maximum perturbation ϵ = 16.0/255, the number of iterations T = 10, and the step size α = 1.6. For MI and NI, the decay factor µ = 1.0. For VMI, we set the number of sampled examples N = 20 and the upper bound of the neighborhood size β = 1.5 ϵ. For EMI, we set N = 11, the sampling interval bound η = 7, and use linear sampling. For the RAP attack, we set α = 2.0/255, K = 400, the inner iteration number T = 10, the late-start KLS = 100, and the size of neighborhoods ϵn = 16.0/255. For PGN, NCS and AWT, we set N = 20, the balanced coefficient δ = 0.5, and the upper bound ζ = 3.0 ϵ. For AWT alone, we set β = 0.005 and lr = 0.002 for surrogate models used for evaluation. |