An approach for enhancing adversarial transferability based on common knowledge learning
en-GBde-DEes-ESfr-FR

An approach for enhancing adversarial transferability based on common knowledge learning

08/12/2025 Frontiers Journals
Transfer-based adversarial attack is an important type of black-box attacks, where the adversary could attack an unseen target model, without knowing its information. Existing approaches usually only utilize pretrained model to generate adversarial examples. However, the inconsistency between different will induce poor adversarial transferability, especially in different model architectures. To solve the problems, a research team led by Yuanfang Guo published their new research on 15 October 2025 in Frontiers of Computer Science co-published by Higher Education Press and Springer Nature.
The team proposed a common knowledge learning (CKL) method for the substitute (source) model to learn better network weights to generate adversarial examples with better transferability, under fixed network architectures. Specifically, to reduce the model-specific features and obtain better output distributions, a multi-teacher approach is proposed, where the knowledge is distilled from different teacher architectures into one student network. Compared with the existing research results, the proposed method could significantly improve the attack success rate (ASR).
In the research, they analyze the relation of adversarial transferability and output consistency of different models, and observe that higher output inconsistency tends to induce lower transferability and vice versa. Therefore, they introduce a multi-teacher approach to learn common knowledge of teacher models.
First, a multi-teacher approach is proposed, where the student model learns from the teacher outputs to reduce the model-specific features and obtain common (model-agnostic) features, to alleviate the output inconsistency problem. In addition, since the input gradient is always utilized in typical adversarial attack process, they design a constraint on the input gradients between the teacher models and the student model, to further promote the transferability of generated adversarial examples. Extensive experiments on CIFAR-10, CIFAR-100, and TinyImageNet have clearly demonstrated the superiority of the proposed work.
Future work can focus on finding more suitable and efficient teacher models and student models to further improve the attack transferability.
DOI:10.1007/s11704-024-40533-4
https://journal.hep.com.cn/fcs/EN/10.1007/s11704-024-40533-4
Fichiers joints
  • 59789877.png
08/12/2025 Frontiers Journals
Regions: Asia, China
Keywords: Applied science, Computing

Disclaimer: AlphaGalileo is not responsible for the accuracy of content posted to AlphaGalileo by contributing institutions or for the use of any information through the AlphaGalileo system.

Témoignages

We have used AlphaGalileo since its foundation but frankly we need it more than ever now to ensure our research news is heard across Europe, Asia and North America. As one of the UK’s leading research universities we want to continue to work with other outstanding researchers in Europe. AlphaGalileo helps us to continue to bring our research story to them and the rest of the world.
Peter Dunn, Director of Press and Media Relations at the University of Warwick
AlphaGalileo has helped us more than double our reach at SciDev.Net. The service has enabled our journalists around the world to reach the mainstream media with articles about the impact of science on people in low- and middle-income countries, leading to big increases in the number of SciDev.Net articles that have been republished.
Ben Deighton, SciDevNet
AlphaGalileo is a great source of global research news. I use it regularly.
Robert Lee Hotz, LA Times

Nous travaillons en étroite collaboration avec...

  • e
  • The Research Council of Norway
  • SciDevNet
  • Swiss National Science Foundation
  • iesResearch
Copyright 2025 by DNN Corp Terms Of Use Privacy Statement