X-Transfer Attacks: Towards Super Transferable Adversarial Attacks on CLIP

Baseline attacker TRM-UAP, as used in the ICML 2025 paper "X-Transfer Attacks: Towards Super Transferable Adversarial Attacks on CLIP".

Code: https://github.com/HanxunH/XTransferBench


X-TransferBench

X-TransferBench is an open-source benchmark that provides a comprehensive collection of UAPs/TUAPs capable of achieving universal adversarial transferability. These UAPs can simultaneously transfer across data, domains, models, and tasks. Essentially, they represent perturbations that can transform any sample into an adversarial example, effective against any model and for any task.

Model Details

  • Surrogate Model: GoogleNet
  • Surrogate Dataset:
  • Threat Model: L_inf_eps=12/255
  • Perturbation Size: 3 x 224 x 224

Model Usage

import torch
import XTransferBench
import XTransferBench.zoo

attacker = XTransferBench.zoo.load_attacker("linf_non_targeted", "trmuap_googlenet")
# images: torch.Tensor [b, 3, h, w], values should be between 0 and 1
images = torch.rand(4, 3, 224, 224)  # placeholder batch; substitute real images
adv_images = attacker(images)  # adversarial examples
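
When evaluating a model's robustness against this perturbation, it helps to confirm that the adversarial batch really stays inside the stated threat model (L_inf eps = 12/255, pixels in [0, 1]) and to measure how often predictions change. The following is an added example, not code from XTransferBench or the paper; `audit_perturbation`, `flip_rate`, `toy_attacker` and `toy_predict` are hypothetical names, and the toy attacker and classifier are constructed stand-ins for the loaded `attacker` and the model under test. It works on NumPy arrays; torch tensors can be converted with `.detach().cpu().numpy()`.

```python
import numpy as np

EPS = 12 / 255  # L_inf budget from this page's threat model


def audit_perturbation(images, adv_images, eps=EPS, tol=1e-6):
    """Check adversarial images against the L_inf budget and the [0, 1] pixel range."""
    images = np.asarray(images, dtype=np.float64)
    adv_images = np.asarray(adv_images, dtype=np.float64)
    if images.shape != adv_images.shape:
        raise ValueError("clean and adversarial batches must have the same shape")
    # Per-sample L_inf norm of the applied perturbation.
    linf = np.abs(adv_images - images).reshape(len(images), -1).max(axis=1)
    return {
        "max_linf": float(linf.max()),
        "within_budget": bool((linf <= eps + tol).all()),
        "in_pixel_range": bool(adv_images.min() >= -tol and adv_images.max() <= 1 + tol),
    }


def flip_rate(predict, images, adv_images):
    """Fraction of samples whose predicted label changes under the perturbation."""
    clean = np.asarray(predict(images))
    adv = np.asarray(predict(adv_images))
    return float((clean != adv).mean())


# Constructed stand-ins (assumptions, not XTransferBench code).
def toy_attacker(x):
    return np.clip(x + EPS, 0.0, 1.0)  # fixed additive pattern, clamped to [0, 1]


def toy_predict(x):
    # Toy two-class "model": label 1 if the image is brighter than 0.5 on average.
    return (x.reshape(len(x), -1).mean(axis=1) > 0.5).astype(int)


def demo():
    # Constructed batch [b, 3, 224, 224]: four flat images of differing brightness.
    levels = np.array([0.30, 0.48, 0.49, 0.70])
    images = np.ones((4, 3, 224, 224)) * levels[:, None, None, None]
    adv = toy_attacker(images)
    return audit_perturbation(images, adv), flip_rate(toy_predict, images, adv)


if __name__ == "__main__":
    print(demo())
```
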

Citation

If you use this model in your work, please cite the accompanying paper:

@inproceedings{liu2023trm,
  title={Trm-uap: Enhancing the transferability of data-free universal adversarial perturbation via truncated ratio maximization},
  author={Liu, Yiran and Feng, Xin and Wang, Yunlong and Yang, Wu and Ming, Di},
  booktitle={ICCV},
  year={2023}
}
@inproceedings{huang2025xtransfer,
  title={X-Transfer Attacks: Towards Super Transferable Adversarial Attacks on CLIP},
  author={Hanxun Huang and Sarah Erfani and Yige Li and Xingjun Ma and James Bailey},
  booktitle={ICML},
  year={2025}
}

Security and Ethical Use Statement

The perturbations provided in this project are intended solely for research purposes. They are shared with the academic and research community to advance understanding of super transferable attacks and defenses.

Any other use of the data, model weights, or methods derived from this project, including but not limited to unauthorized access, modification, or malicious deployment, is strictly prohibited and not endorsed by this project. The authors and contributors of this project are not responsible for any misuse or unethical applications of the provided resources. Users are expected to adhere to ethical standards and ensure that their use of this research aligns with applicable laws and guidelines.

Safetensors · Model size: 151k params · Tensor type: F32