Evaluating Transferability of Adversarial Attacks Between Models of Different Architectures

Primary Investigator (PI) Name

Kazi Aminul Islam

Department

CCSE - Computer Science

Abstract

This study investigates the transferability of adversarial attacks across neural network architectures, focusing on a comparative analysis between the Momentum Iterative Fast Gradient Sign Method (MI-FGSM) and the Fast Gradient Sign Method (FGSM). Recent scholarly research has underscored the vulnerability of neural networks to adversarial perturbations; however, the impact of model architectural differences on the transferability of such attacks remains insufficiently explored. This study aims to make a unique contribution by systematically comparing the inter-model attack success rates of MI-FGSM and FGSM, while also extending the analysis to additional architectures such as MobileNet and AlexNet. The research methodology involves generating adversarial examples on a ResNet50 model trained on the MNIST dataset using both MI-FGSM and FGSM. These adversarial examples are then transferred to VGG19, MobileNet, and AlexNet to evaluate the effectiveness of each attack method, measured by attack success rate and computational overhead. By applying both MI-FGSM and FGSM under similar conditions, we aim to reveal how momentum-based iterative methods compare with FGSM in terms of transferring attacks across neural network architectures. These findings will be discussed in the context of current challenges in neural network robustness and the development of resilient machine learning systems.

Disciplines

Other Computer Sciences

This document is currently not available here.
