Journal of Astronautic Metrology and Measurement ›› 2024, Vol. 44 ›› Issue (6): 42-55. doi: 10.12060/j.issn.1000-7202.2024.06.05

• Artificial Intelligence Metrology and Testing Column •

A Minimal-Distance-Based Framework for Assessing Adversarial Attack Transferability

WU Jiaping, DANG Chen, LUO Zhicong, KANG Jian, JIANG Xiaoyue, XIA Zhaoqiang, FENG Xiaoyi

  1. Northwestern Polytechnical University, Xi'an 710068
  • Online: 2024-12-15 Published: 2025-01-21
  • Author biography: WU Jiaping (1997-), male, doctoral candidate; main research interests: deep learning, artificial intelligence security and adversarial examples.
  • Funding:
    Shaanxi Province Key Industrial Chain Project (2022ZDLGY06-07)

A Minimal-Distance-Based Framework for Assessing Adversarial Attack Transferability

WU Jiaping,DANG Chen,LUO Zhicong,KANG Jian,JIANG Xiaoyue,XIA Zhaoqiang,FENG Xiaoyi   

  1. Northwestern Polytechnical University,Xi’an 710068,China
  • Online:2024-12-15 Published:2025-01-21

Abstract: Adversarial robustness is an important component of the security evaluation of intelligent models. Current research on transfer attacks is largely confined to fixed-budget attacks, and minimal-distance attacks have received little study. Moreover, there is no unified and comprehensive framework for evaluating transfer attacks or measuring attack transferability, which poses a major challenge to the security evaluation of intelligent models. To address these problems, a minimal-distance-based framework for assessing adversarial attack transferability is proposed. The framework first uses a search procedure to find the minimum budget at which an attack transfers successfully; it then compares the transferability of different attacks using an overall score that combines perturbation size and attack success rate, together with an optimality measure. The overall score both reflects how strongly different attacks transfer and, by comparing the scores obtained on different target models, indicates how robust each model is against transfer attacks; the optimality measure quantifies how close an attack is to the optimal solution. Experimental results show that our method outperforms the best existing methods, and several empirical conclusions are drawn.

Keywords: intelligent model security, adversarial examples, transferability, robustness

Abstract: Adversarial robustness is a crucial component of evaluating the security of intelligent models. Currently, research on transfer attacks is primarily limited to fixed-budget attacks, with a lack of studies focusing on minimal-norm attacks. Furthermore, there is no unified and comprehensive evaluation framework for assessing transfer attacks or measuring attack transferability, which poses significant challenges to the security assessment of intelligent models. To address these issues, a minimal-distance-based framework for assessing adversarial attack transferability is proposed. The framework first uses a search method to identify the minimum budget at which an attack transfers successfully. Then, the transferability of different attacks is compared using an overall score that combines perturbation size and attack success rate, as well as an optimality measure. The overall score reflects the varying degrees of transferability among different attacks and allows for comparison of target models' robustness against transfer attacks. The optimality measure quantifies the proximity of an attack to an optimal solution. Experimental results demonstrate that our method outperforms existing state-of-the-art approaches and yields several empirical conclusions.

Key words: Intelligent model security, Adversarial examples, Transferability, Robustness

CLC number: