Attack-Centric Approach for Evaluating Transferability of Adversarial Samples in Machine Learning Models
This work addresses the reliability of ML systems in critical applications by providing insights into adversarial transferability, though it is incremental as it builds on existing attack methods.
The study addresses adversarial sample transferability in machine learning through an attack-centric approach: it analyzes how the attack that generated a sample influences whether that sample transfers to other models, and identifies four key factors that affect transferability.
Transferability of adversarial samples has become a serious concern because of its impact on the reliability of deployed machine learning systems, as those systems find their way into many critical applications. Knowing the factors that influence the transferability of adversarial samples can help experts make informed decisions on how to build robust and reliable machine learning systems. The goal of this study is to provide insight into the mechanisms behind the transferability of adversarial samples through an attack-centric approach. This attack-centric perspective interprets how adversarial samples will transfer by assessing the impact that the machine learning attacks which generated them have on a given input dataset. To achieve this goal, we generated adversarial samples using attacker models and transferred these samples to victim models. We analyzed the behavior of the adversarial samples on the victim models and outlined four factors that can influence the transferability of adversarial samples. Although these factors are not necessarily exhaustive, they provide useful insights to researchers and practitioners of machine learning systems.
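The attacker-to-victim measurement described in the abstract, as an added illustration that is not the paper's own code. It assumes a constructed 2-D toy dataset, two deliberately different models (a logistic regression attacker over the raw inputs and a victim that sees a quadratic feature map), and a one-step sign-of-gradient perturbation as the attack; the abstract does not say which attacks or models the study used, so these are assumptions for the example. The harness only attacks inputs both models classify correctly, reports how many perturbed samples fool the attacker, and reports the transfer rate as the share of those that also fool the victim. It also handles the saturated-model case where a naively computed input gradient rounds to zero.

```python
import math
import random


def sign(v):
    """Sign function with sign(0) = 0, as used by the gradient-sign step."""
    return (v > 0) - (v < 0)


def sigmoid(z):
    z = max(-500.0, min(500.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


def make_dataset(n):
    """Constructed 2-D toy data: label 1 when x1 + 0.8*x2 > 0, else 0."""
    data = []
    for _ in range(n):
        x = (random.uniform(-1, 1), random.uniform(-1, 1))
        data.append((x, 1 if x[0] + 0.8 * x[1] > 0 else 0))
    return data


def quad_features(x):
    """Victim feature map (assumed): the victim sees (x1, x2, x1*x2)."""
    return (x[0], x[1], x[0] * x[1])


class LogisticModel:
    """Plain logistic regression trained with SGD on the log-loss."""

    def __init__(self, n_features):
        self.w = [0.0] * n_features
        self.b = 0.0

    def logit(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def predict(self, x):
        return 1 if self.logit(x) > 0 else 0

    def fit(self, data, epochs=100, lr=0.5):
        for _ in range(epochs):
            for x, y in data:
                err = sigmoid(self.logit(x)) - y  # d(loss)/d(logit)
                self.w = [wi - lr * err * xi for wi, xi in zip(self.w, x)]
                self.b -= lr * err
        return self


def gradient_sign_perturb(model, x, y, eps):
    """One-step sign-of-gradient perturbation computed on the attacker model.

    For the log-loss, d(loss)/d(x_i) = (p - y) * w_i, and (p - y) has the sign
    of -(2y - 1) whenever p is strictly between 0 and 1.  Using that closed
    form avoids a zero gradient when the model is saturated (p rounds to y).
    """
    direction = -(2 * y - 1)
    return tuple(xi + eps * sign(direction * wi) for xi, wi in zip(x, model.w))


def accuracy(model, data, features=lambda x: x):
    return sum(model.predict(features(x)) == y for x, y in data) / len(data)


def run_experiment(eps, seed=7):
    """Generate adversarial samples on the attacker and measure transfer to the victim."""
    random.seed(seed)
    data = make_dataset(400)
    train_a, train_v, test = data[:150], data[150:300], data[300:]
    attacker = LogisticModel(2).fit(train_a)
    victim = LogisticModel(3).fit([(quad_features(x), y) for x, y in train_v])

    attacked = fooled_attacker = transferred = 0
    max_linf = 0.0
    for x, y in test:
        # Only attack inputs both models get right, so a flip is due to the perturbation.
        if attacker.predict(x) != y or victim.predict(quad_features(x)) != y:
            continue
        attacked += 1
        x_adv = gradient_sign_perturb(attacker, x, y, eps)
        max_linf = max(max_linf, max(abs(a - b) for a, b in zip(x_adv, x)))
        if attacker.predict(x_adv) != y:
            fooled_attacker += 1
            if victim.predict(quad_features(x_adv)) != y:
                transferred += 1
    return {
        "attacker_acc": accuracy(attacker, test),
        "victim_acc": accuracy(victim, test, quad_features),
        "attacked": attacked,
        "fooled_attacker": fooled_attacker,
        "transferred": transferred,
        # Transfer rate: share of samples fooling the attacker that also fool the victim.
        "transfer_rate": transferred / fooled_attacker if fooled_attacker else 0.0,
        "max_linf": max_linf,
    }


if __name__ == "__main__":
    for eps in (0.05, 0.1, 0.3):
        print(eps, run_experiment(eps))
```

Running it across several perturbation budgets shows how the transfer rate moves with the attack's strength on the attacker model, which is the kind of attack-centric reading the abstract describes; a defender would use the same harness to decide whether architectural diversity between deployed models actually reduces transfer.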