Boosting Adversarial Transferability with a Generative Model Perspective

Abstract:

Generative transfer attacks craft adversarial examples by training a perturbation generator on a white-box surrogate and deploying them against unknown black-box targets. While existing generative methods demonstrate effective adversarial transferability and enjoy inference-time efficiency, they overlook the rich, model-shared semantic information in the intermediate generator features, which is key to enhancing transferability. To address this, we propose a self distilling attack framework via mean teacher that effectively exploits these previously under-explored generator features and preserves the semantic structure within the generator with student-teacher generator alignment via EMA updates. We conduct comprehensive evaluations across four metrics —Classification Accuracy, Attack Success Rate, Fooling Rate, and our newly proposed Accidental Correction Rate— to demonstrate consistent gains in both cross-model and cross domain adversarial transferability.