Beyond Boundaries: A Comprehensive Survey of Transferable Attacks on AI Systems

Guangjing Wang, Ce Zhou, Yuanda Wang, Bocheng Chen, Hanqing Guo, Qiben Yan

TL;DR

This survey addresses the problem of transferable attacks that generalize across inputs, domains, modalities, models, tasks, and hardware. It introduces a six-dimensional taxonomy to unify seven major attack categories (evasion, backdoor, data poisoning, model stealing, model inversion, membership inference, and side-channel) and analyzes how transferability arises from shared inductive biases and decision boundaries. The authors synthesize methodologies to enhance transferability through data augmentation, data disentanglement, and optimization strategies (gradient-based and heuristic), and they discuss defense strategies and future directions for robust AI systems. By mapping cross-dimension transferability and outlining practical implications for security and privacy, the work provides a foundational roadmap for evaluating and defending real-world AI deployments.

Abstract

As Artificial Intelligence (AI) systems increasingly underpin critical applications, from autonomous vehicles to biometric authentication, their vulnerability to transferable attacks presents a growing concern. These attacks, designed to generalize across instances, domains, models, tasks, modalities, or even hardware platforms, pose severe risks to security, privacy, and system integrity. This survey delivers the first comprehensive review of transferable attacks across seven major categories, including evasion, backdoor, data poisoning, model stealing, model inversion, membership inference, and side-channel attacks. We introduce a unified six-dimensional taxonomy: cross-instance, cross-domain, cross-modality, cross-model, cross-task, and cross-hardware, which systematically captures the diverse transfer pathways of adversarial strategies. Through this framework, we examine both the underlying mechanics and practical implications of transferable attacks on AI systems. Furthermore, we review cutting-edge methods for enhancing attack transferability, organized around data augmentation and optimization strategies. By consolidating fragmented research and identifying critical future directions, this work provides a foundational roadmap for understanding, evaluating, and defending against transferable threats in real-world AI systems.

Paper Structure (34 sections, 2 equations, 1 figure, 5 tables)