Benchmarking Transferable Adversarial Attacks

Jin, Zhibo, Zhang, Jiayu, Zhu, Zhiyu, Chen, Huaming

arXiv.org Artificial Intelligence 

In recent years, adversarial attacks have emerged as a significant research direction for artificial intelligence and machine learning, especially in the context of the security of deep learning. This direction originates from the observation that deep neural networks (DNNs) are sensitive to subtle perturbations in input data. Even when imperceptible to the human eye, such changes can lead to incorrect output results [3]. Adversarial attacks can be categorized into two types based on the availability of model data: white-box attacks and black-box attacks [1], [18], [6], [19]. White-box attacks assume the model's internal information is accessible, such as its parameters, structure, and training data. In contrast, black-box attacks occur without knowledge of the internal information of the attacked model,

Moreover, we reproduce 10 representative methods of transferable adversarial attacks and integrate these methods into an open-source benchmark framework, which is published on GitHub as TAA-Bench, facilitating related research. Our main contributions are:

We thoroughly collate existing methods of transferable adversarial attacks, and systematically analyse their implementation principles.

We present an extensible, modular and open-source benchmark TAA-Bench that includes implementations of different types of transferable adversarial attacks to facilitate research and development in this field.