LG AI CR, Jun 18, 2022

Comment on Transferability and Input Transformation with Additive Noise

arXiv:2206.09075v11 citations, h-index: 12
Originality Synthesis-oriented
AI Analysis

This work addresses the vulnerability of neural networks to adversarial attacks, which is a security concern for AI systems, but it appears incremental as it builds on existing transferability concepts.

The paper tackles the problem of adversarial example transferability by analyzing the relationship between transferability and input transformation with additive noise, mathematically proving that a modified optimization method can produce more transferable adversarial examples.

Adversarial attacks have verified the existence of the vulnerability of neural networks. By adding small perturbations to a benign example, adversarial attacks successfully generate adversarial examples that lead to misclassification of deep learning models. More importantly, an adversarial example generated from a specific model can also deceive other models without modification. We call this phenomenon "transferability". Here, we analyze the relationship between transferability and input transformation with additive noise by mathematically proving that the modified optimization can produce more transferable adversarial examples.
