notesum.ai

Published at October 21

Model Mimic Attack: Knowledge Distillation for Provably Transferable Adversarial Examples

cs.AI

Released Date: October 21, 2024

Authors: Kirill Lukyanov¹, Andrew Perminov², Denis Turdakov², Mikhail Pautov³

Aff.: ¹Research Center for Trusted Artificial Intelligence, Ivannikov Institute for System Programming of the Russian Academy of Sciences, Moscow Institute of Physics and Technology (National Research University), Moscow, Russia; ²Research Center for Trusted Artificial Intelligence, Ivannikov Institute for System Programming of the Russian Academy of Sciences, Moscow, Russia; ³AIRI, Research Center for Trusted Artificial Intelligence, Ivannikov Institute for System Programming of the Russian Academy of Sciences, Moscow, Russia

Arxiv: https://arxiv.org/abs/2410.15889v1

$\mathcal{D}$	Attack	$\delta$	AQN (↓)
CIFAR-10	ZOO [Chen et al. (2017)]	$0.05$	$\geq 3\times 10^{5}$
	NES [Ilyas et al. (2018)]	$0.1$	$3578$
	Square [Andriushchenko et al. (2020)]	$0.1$	$368$
	NP-Attack [Bai et al. (2020)] (Lit)	$0.05$	$500$
	MCG [Yin et al. (2023)] (Lit)	$0.1$	$130$
	MMAttack resnet18 (ours)	$0.05$	$530$
	MMAttack SmallCNN (ours)	$0.05$	32.8
CIFAR-100	ZOO [Chen et al. (2017)]	$0.05$	$\geq 3\times 10^{5}$
	NES [Ilyas et al. (2018)]	$0.1$	$4884$
	Square [Andriushchenko et al. (2020)]	$0.1$	$193$
	NP-Attack [Bai et al. (2020)]	$0.05$	$325$
	MCG [Yin et al. (2023)] (Lit)	$0.1$	$48$
	MMAttack resnet18 (ours)	$0.05$	$407$
	MMAttack SmallCNN (ours)	$0.05$	24