S0076Significant

模型遷移性對抗攻擊

Operation & Monitoring

Risk Description

Adversarial examples generated against a surrogate model can successfully attack an unknown target model (black-box transfer attack). Attackers need no direct access to the target model — generating adversarial examples using open-source models with similar architectures suffices. Even with strict API access controls, models remain vulnerable. Recent research shows particularly high transfer attack success rates between LLMs.

Framework Mappings

iso 23894R2
mitre atlasAML.T0043
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 模型差異化策略
  • 集成防禦

Implementation Steps English translation pending

  1. 採用差異化模型架構和訓練策略,降低與公開模型的相似性
  2. 部署多模型集成投票機制,要求多數模型一致才輸出結果
  3. 實施輸入變換隨機化,使靜態對抗樣本失效
  4. 定期使用遷移攻擊工具進行紅隊測試