CV | AI | CR | Dec 20, 2024

Watertox: The Art of Simplicity in Universal Attacks A Cross-Model Framework for Robust Adversarial Generation

arXiv:2412.15924v1
Originality: Highly original
AI Analysis

This work addresses the challenge of creating robust adversarial attacks that work across different models, with potential applications in visual security and CAPTCHA generation, representing a strong specific gain rather than a foundational breakthrough.

The paper tackles the problem of limited cross-model transferability in adversarial attacks by introducing Watertox, a two-stage framework that reduces model accuracy from 70.6% to 16.0% on state-of-the-art architectures and achieves up to 98.8% accuracy reduction in zero-shot attacks against unseen models.

Contemporary adversarial attack methods face significant limitations in cross-model transferability and practical applicability. We present Watertox, an elegant adversarial attack framework achieving remarkable effectiveness through architectural diversity and precision-controlled perturbations. Our two-stage Fast Gradient Sign Method combines uniform baseline perturbations ($ε_1 = 0.1$) with targeted enhancements ($ε_2 = 0.4$). The framework leverages an ensemble of complementary architectures, from VGG to ConvNeXt, synthesizing diverse perspectives through an innovative voting mechanism. Against state-of-the-art architectures, Watertox reduces model accuracy from 70.6% to 16.0%, with zero-shot attacks achieving up to 98.8% accuracy reduction against unseen architectures. These results establish Watertox as a significant advancement in adversarial methodologies, with promising applications in visual security systems and CAPTCHA generation.
