[2412.20987] RobustBlack: Challenging Black-Box Adversarial Attacks on State-of-the-Art Defenses

arXiv - Machine Learning

Summary

The paper 'RobustBlack' explores the effectiveness of black-box adversarial attacks against state-of-the-art defenses, revealing significant gaps in current evaluations.

Why It Matters

This research is crucial as it addresses the limitations of existing black-box attack evaluations, particularly against robust models. Understanding these dynamics can enhance the development of more resilient AI systems and improve security measures in machine learning applications.

Key Takeaways

  • Advanced black-box attacks struggle against even simple adversarially trained models.
  • Robust models optimized for white-box attacks show enhanced resilience to black-box attacks.
  • The alignment of surrogate and target models significantly impacts the success of transfer-based attacks.

Computer Science > Machine Learning
arXiv:2412.20987 (cs)
[Submitted on 30 Dec 2024 (v1), last revised 17 Feb 2026 (this version, v2)]

Title: RobustBlack: Challenging Black-Box Adversarial Attacks on State-of-the-Art Defenses
Authors: Mohamed Djilani, Salah Ghamizi, Maxime Cordy

Abstract: Although adversarial robustness has been extensively studied in white-box settings, recent advances in black-box attacks (including transfer- and query-based approaches) are primarily benchmarked against weak defenses, leaving a significant gap in the evaluation of their effectiveness against more recent and moderately robust models (e.g., those featured in the RobustBench leaderboard). In this paper, we question this lack of attention from black-box attacks to robust models. We establish a framework to evaluate the effectiveness of recent black-box attacks against both top-performing and standard defense mechanisms, on the ImageNet dataset. Our empirical evaluation reveals the following key findings: (1) the most advanced black-box attacks struggle to succeed even against simple adversarially trained models; (2) robust models that are optimized to withstand strong white-box attacks, such as AutoAttack, also exhibit enhanced resilience against black-box attacks; and (3) robustness alignment between the surrogate...

