Summary of Towards Predicting the Success Of Transfer-based Attacks by Quantifying Shared Feature Representations, By Ashley S. Dale et al.
Towards Predicting the Success of Transfer-based Attacks by Quantifying Shared Feature Representations
by Ashley S. Dale, Mei Qiu, Foo Bin Che, Thomas Bsaibes, Lauren Christopher, Paul Salama
First submitted to arxiv on: 6 Dec 2024
Categories
- Main: Computer Vision and Pattern Recognition (cs.CV)
- Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The paper presents a novel approach to predict the success of transfer-based attacks (TBA) on black-box computer vision models. By identifying vulnerable features within target models, it attempts to provide a priori prediction of attack success. The study builds upon recent work by Chen and Liu (2024), which proposed the manifold attack model, suggesting that successful TBA exist in a common manifold space. The authors experimentally test this hypothesis using a new methodology, projecting feature vectors from surrogate and target feature extractors onto the same low-dimensional manifold, quantifying structure similarities, and relating them to TBA success. The results show a moderate correlation between shared feature representation and increased TBA success (ρ= 0.56). This method can predict attack success without knowledge of model weights, training, architecture, or attack details. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary The paper tries to guess how well certain attacks will work on computer vision models that we don’t know the inner workings of. It does this by looking at the features that these models use and seeing if they are similar to each other. The study finds that these features do have some similarities, which can help predict whether an attack will be successful or not. This could be useful for people who want to test their attacks without knowing all the details of the model. |
