PulseAugur

AI Transfer Attacks: "Scissors Effect" Reveals Diversity Hinders Robust Models

Researchers have identified a phenomenon called the "Scissors Effect" in transfer attacks against AI models. The effect shows that while random resizing and padding (Input Diversity, or DI) generally improve attack success for standard models, they can significantly hinder attacks against robustly trained models. This counterintuitive finding, observed across model architectures such as CNNs, ViTs, and Swin Transformers on datasets such as ImageNet and CIFAR-10, suggests that DI's effectiveness is highly dependent on the model's training regime. The research attributes the effect to geometric properties of gradients, with resizing identified as a primary contributor to the performance degradation in robust models. A new rule, CG-DI, is proposed to selectively disable diversity measures when gradient consistency indicates potential harm, thereby preserving attack benefits on standard models while mitigating losses on robust ones.

IMPACT Reveals a critical trade-off in adversarial attack strategies, impacting model robustness evaluations and defenses.

RANK_REASON Academic paper detailing a novel phenomenon in AI model attacks.

AI-generated summary · Google Gemini · from 1 source.

COVERAGE [1]

  1. arXiv cs.LG TIER_1 English(EN) · Xiaojing Chen

    The Scissors Effect: When Resize-Based Input Diversity Helps or Hurts Transfer Attacks

    Input Diversity (DI), which applies random resizing and padding at each attack iteration, is a near-default ingredient of transfer-based adversarial attacks, widely assumed to improve transferability. We show this assumption is regime-dependent and, for robustly trained surrogate…