Understanding and improving adversarial transferability of vision transformers and convolutional neural networks

Convolutional neural networks (CNNs) and visual transformers (ViTs) are both known to be vulnerable to adversarial examples. Recent work has illustrated the existence of transferability between the two, but the experimental performance is generally mediocre. To enhance the transferability of adversarial examples between CNNs and ViTs, we propose a novel attack on the phenomenon that CNNs and ViTs differ significantly in their inductive bias, which not only attacks the same inductive bias between the two classes of models, but also suppresses the unique of ViTs. We evaluate the effectiveness of our approach through extensive experiments on stateof -the -art ViTs, CNNs, and robustly trained CNNs, and demonstrate significant improvements in transferability, both between ViTs and from ViTs to CNNs. The code for our project is available at https://github .com /chenxiaoyupetter /inductive -biase -attack.