Exploring Adversarial Transferability between Kolmogorov-arnold Networks
This addresses a critical safety issue for users of KANs by revealing vulnerabilities and improving adversarial attacks, though it is incremental as it builds on existing KAN paradigms.
The paper tackles the problem of poor adversarial transferability between different Kolmogorov-Arnold Networks (KANs) due to overfitting, and proposes AdvKAN, a transfer attack method that significantly enhances attack capabilities across various KAN architectures and datasets.
Kolmogorov-Arnold Networks (KANs) have emerged as a transformative model paradigm, significantly impacting various fields. However, their adversarial robustness remains less underexplored, especially across different KAN architectures. To explore this critical safety issue, we conduct an analysis and find that due to overfitting to the specific basis functions of KANs, they possess poor adversarial transferability among different KANs. To tackle this challenge, we propose AdvKAN, the first transfer attack method for KANs. AdvKAN integrates two key components: 1) a Breakthrough-Defense Surrogate Model (BDSM), which employs a breakthrough-defense training strategy to mitigate overfitting to the specific structures of KANs. 2) a Global-Local Interaction (GLI) technique, which promotes sufficient interaction between adversarial gradients of hierarchical levels, further smoothing out loss surfaces of KANs. Both of them work together to enhance the strength of transfer attack among different KANs. Extensive experimental results on various KANs and datasets demonstrate the effectiveness of AdvKAN, which possesses notably superior attack capabilities and deeply reveals the vulnerabilities of KANs. Code will be released upon acceptance.