On Success and Simplicity: A Second Look at Transferable Targeted Attacks
Authors: Zhengyu Zhao, Zhuoran Liu, Martha Larson
NeurIPS 2021 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this section, we provide experimental evidence to show the general effectiveness of simple transferable attacks. Firstly, in Section 4.1, we evaluate the simple transferable attacks in a variety of transfer scenarios, including single-model transfer, ensemble transfer (easy and challenging scenarios), a worse-case scenario with low-ranked target classes, and a real-world attack on the Google Cloud Vision API. |
| Researcher Affiliation | Academia | Zhengyu Zhao, Zhuoran Liu, Martha Larson Radboud University {z.zhao,z.liu,m.larson}@cs.ru.nl |
| Pseudocode | No | The paper describes methods using mathematical formulations and descriptive text, but it does not include explicit pseudocode or algorithm blocks. |
| Open Source Code | Yes | Code is available at https://github.com/Zhengyu Zhao/Targeted-Tansfer. |
| Open Datasets | Yes | we used the 1000 images from the development set of the Image Net-Compatible Dataset1, which was introduced along with the NIPS 2017 Competition on Adversarial Attacks and Defenses. 1https://github.com/cleverhans-lab/cleverhans/tree/master/cleverhans_v3. 1.0/examples/nips17_adversarial_competition/dataset. |
| Dataset Splits | No | The paper mentions using the '1000 images from the development set of the Image Net-Compatible Dataset', but it does not specify explicit training, validation, or test splits for these images within their own experimental setup. The experiments are conducted on pre-trained models. |
| Hardware Specification | Yes | Our experiments were run on an NVIDIA Tesla P100 GPU with 12GB of memory. |
| Software Dependencies | No | The paper does not provide specific version numbers for software dependencies such as programming languages, libraries, or frameworks used for implementation (e.g., Python, PyTorch, TensorFlow versions). |
| Experiment Setup | Yes | All attacks used TI, MI, and DI with optimal hyperparameters provided in their original work. Specifically, W 1 = 5 was used for TI as suggested by [12]. If not mentioned specifically, all attacks were run with 300 iterations to ensure convergence. When being executed with a batch size of 20, the optimization process took about three seconds per image. A moderate step size of 2 was used for all attacks... Following the common practice, the perturbations were restricted by L norm with ϵ = 16. |