English
Related papers

Related papers: Dynamic Target Attack

200 papers

Large Vision-Language Models (LVLMs) are foundational to modern multimodal applications, yet their susceptibility to adversarial attacks remains a critical concern. Prior white-box attacks rarely generalize across tasks, and black-box…

Computer Vision and Pattern Recognition · Computer Science 2026-02-24 Hefei Mei , Zirui Wang , Chang Xu , Jianyuan Guo , Minjing Dong

Unlike regular tokens derived from existing text corpora, special tokens are artificially created to annotate structured conversations during the fine-tuning process of Large Language Models (LLMs). Serving as metadata of training data,…

Cryptography and Security · Computer Science 2025-10-14 Wentian Zhu , Zhen Xiang , Wei Niu , Le Guan

Adversarial training for LLMs is one of the most promising methods to reliably improve robustness against adversaries. However, despite significant progress, models remain vulnerable to simple in-distribution exploits, such as rewriting…

Machine Learning · Computer Science 2026-02-19 Chengzhi Hu , Jonas Dornbusch , David Lüdke , Stephan Günnemann , Leo Schwinn

Text adversarial attack methods are typically designed for static scenarios with fixed numbers of output labels and a predefined label space, relying on extensive querying of the victim model (query-based attacks) or the surrogate model…

Computer Vision and Pattern Recognition · Computer Science 2025-09-29 Wenqiang Wang , Siyuan Liang , Xiao Yan , Xiaochun Cao

Federated learning (FL) is widely used in Internet-of-Things (IoT) systems, but its distributed training process also exposes it to backdoor attacks. Existing studies mainly consider single-target or centralized multi-target settings, while…

Computer Vision and Pattern Recognition · Computer Science 2026-05-05 Tao Liu , Dapeng Man , Jiguang Lv , Chen Xu , Weiye Xi , Huanran Wang , Yuhang Zhang , Tianming Zhao , Wu Yang

Image transmission and processing systems in resource-critical applications face significant challenges from adversarial perturbations that compromise mission-specific object classification. Current robustness testing methods require…

Cryptography and Security · Computer Science 2026-01-22 Jinwei Hu , Shiyuan Meng , Yi Dong , Xiaowei Huang

Jailbreak attacks -- adversarial prompts that bypass LLM alignment through purely linguistic manipulation -- pose a growing operational security threat, yet the field lacks large-scale, reproducible infrastructure for generating,…

Cryptography and Security · Computer Science 2026-05-12 Ismail Hossain , Tanzim Ahad , Md Jahangir Alam , Sai Puppala , Syed Bahauddin Alam , Sajedul Talukder

As Large Language Models (LLMs) are increasingly deployed in safety-critical domains, rigorously evaluating their robustness against adversarial jailbreaks is essential. However, current safety evaluations often overestimate robustness…

Machine Learning · Computer Science 2026-01-08 Zhakshylyk Nurlanov , Frank R. Schmidt , Florian Bernard

Black-box query attacks, which rely only on the output of the victim model, have proven to be effective in attacking deep learning models. However, existing black-box query attacks show low performance in a novel scenario where only a few…

Computer Vision and Pattern Recognition · Computer Science 2023-05-04 Xiangyuan Yang , Jie Lin , Hanlin Zhang , Xinyu Yang , Peng Zhao

Attack Success Rate (ASR) evaluates each jailbreak with a single yes/no label at the end of generation, telling us whether a failure happened but not how it unfolded. Two attacks that produce equally harmful outputs may have followed…

Artificial Intelligence · Computer Science 2026-05-29 Junyoung Park , Sunghwan Park , Seongyong Ju , Jaewoo Lee

Adversarial training in reinforcement learning (RL) is challenging because perturbations cascade through trajectories and compound over time, making fixed-strength attacks either overly destructive or too conservative. We propose…

Machine Learning · Computer Science 2026-01-30 Lucas Schott , Elies Gherbi , Hatem Hajri , Sylvain Lamprier

This paper proposes a simple yet effective jailbreak attack named FlipAttack against black-box LLMs. First, from the autoregressive nature, we reveal that LLMs tend to understand the text from left to right and find that they struggle to…

Cryptography and Security · Computer Science 2026-05-18 Yue Liu , Xiaoxin He , Miao Xiong , Jinlan Fu , Shumin Deng , Yingwei Ma , Jiaheng Zhang , Bryan Hooi

The vulnerability of deep neural networks to small and even imperceptible perturbations has become a central topic in deep learning research. Although several sophisticated defense mechanisms have been introduced, most were later shown to…

Machine Learning · Computer Science 2021-09-28 Leo Schwinn , An Nguyen , René Raab , Dario Zanca , Bjoern Eskofier , Daniel Tenbrinck , Martin Burger

As LLM-driven agents advance in cybersecurity, Jeopardy CTF benchmarks are approaching saturation and cyber ranges, the natural next evaluation frontier, offer diminishing resistance under their current static design. We validate this…

Recent adversarial attack developments have made reinforcement learning more vulnerable, and different approaches exist to deploy attacks against it, where the key is how to choose the right timing of the attack. Some work tries to design…

Machine Learning · Computer Science 2022-05-03 Yang Li , Quan Pan , Erik Cambria

Differential Attention (DA) has been proposed as a refinement to standard attention, suppressing redundant or noisy context through a subtractive structure and thereby reducing contextual hallucination. While this design sharpens…

Machine Learning · Computer Science 2026-03-17 Tsubasa Takahashi , Shojiro Yamabe , Futa Waseda , Kento Sasaki

Existing white-box jailbreak attacks against aligned LLMs typically append discrete adversarial suffixes to the user prompt, which visibly alters the prompt and operates in a combinatorial token space. Prior work has avoided directly…

Artificial Intelligence · Computer Science 2026-04-29 Miles Q. Li , Benjamin C. M. Fung , Boyang Li , Radin Hamidi Rad , Ebrahim Bagheri

Large language models (LLMs) have shown remarkable performance across a range of NLP tasks. However, their strong instruction-following capabilities and inability to distinguish instructions from data content make them vulnerable to…

Cryptography and Security · Computer Science 2025-10-07 Yulin Chen , Haoran Li , Yuexin Li , Yue Liu , Yangqiu Song , Bryan Hooi

This study investigates behavior-targeted attacks on reinforcement learning and their countermeasures. Behavior-targeted attacks aim to manipulate the victim's behavior as desired by the adversary through adversarial interventions in state…

Machine Learning · Computer Science 2026-02-18 Shojiro Yamabe , Kazuto Fukuchi , Jun Sakuma

The composition of training data mixtures is critical for effectively training large language models (LLMs), as it directly impacts their performance on downstream tasks. Our goal is to identify an optimal data mixture to specialize an LLM…

Machine Learning · Computer Science 2024-10-04 Simin Fan , David Grangier , Pierre Ablin