Concept-based Adversarial Attack: a Probabilistic Perspective Article Swipe
We propose a concept-based adversarial attack framework that extends beyond single-image perturbations by adopting a probabilistic perspective. Rather than modifying a single image, our method operates on an entire concept -- represented by a probabilistic generative model or a set of images -- to generate diverse adversarial examples. Preserving the concept is essential, as it ensures that the resulting adversarial images remain identifiable as instances of the original underlying category or identity. By sampling from this concept-based adversarial distribution, we generate images that maintain the original concept but vary in pose, viewpoint, or background, thereby misleading the classifier. Mathematically, this framework remains consistent with traditional adversarial attacks in a principled manner. Our theoretical and empirical results demonstrate that concept-based adversarial attacks yield more diverse adversarial examples and effectively preserve the underlying concept, while achieving higher attack efficiency.
Related Topics
Concepts
No concepts available.
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2507.02965
- https://arxiv.org/pdf/2507.02965
- OA Status
- green
- OpenAlex ID
- https://openalex.org/W4415343510
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4415343510Canonical identifier for this work in OpenAlex
- Title
-
Concept-based Adversarial Attack: a Probabilistic PerspectiveWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2025Year of publication
- Publication date
-
2025-06-30Full publication date if available
- Authors
-
Andi Zhang, X. X. Ding, Steven McDonagh, Samuel KaskiList of authors in order
- Landing page
-
https://arxiv.org/abs/2507.02965Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2507.02965Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2507.02965Direct OA link when available
- Cited by
-
0Total citation count in OpenAlex
Full payload
| id | https://openalex.org/W4415343510 |
|---|---|
| doi | |
| ids.openalex | https://openalex.org/W4415343510 |
| fwci | 0.0 |
| type | preprint |
| title | Concept-based Adversarial Attack: a Probabilistic Perspective |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11689 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9818000197410583 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Adversarial Robustness in Machine Learning |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2507.02965 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2507.02965 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2507.02965 |
| indexed_in | arxiv |
| authorships[0].author.id | https://openalex.org/A5077911588 |
| authorships[0].author.orcid | https://orcid.org/0009-0007-4855-5442 |
| authorships[0].author.display_name | Andi Zhang |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Zhang, Andi |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5074531806 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-2807-2597 |
| authorships[1].author.display_name | X. X. Ding |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Ding, Xuan |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5052824649 |
| authorships[2].author.orcid | https://orcid.org/0000-0001-7025-5197 |
| authorships[2].author.display_name | Steven McDonagh |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | McDonagh, Steven |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5018305257 |
| authorships[3].author.orcid | https://orcid.org/0000-0003-1925-9154 |
| authorships[3].author.display_name | Samuel Kaski |
| authorships[3].author_position | last |
| authorships[3].raw_author_name | Kaski, Samuel |
| authorships[3].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2507.02965 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-20T00:00:00 |
| display_name | Concept-based Adversarial Attack: a Probabilistic Perspective |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T04:12:42.849631 |
| primary_topic.id | https://openalex.org/T11689 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9818000197410583 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Adversarial Robustness in Machine Learning |
| cited_by_count | 0 |
| locations_count | 1 |
| best_oa_location.id | pmh:oai:arXiv.org:2507.02965 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2507.02965 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2507.02965 |
| primary_location.id | pmh:oai:arXiv.org:2507.02965 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2507.02965 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2507.02965 |
| publication_date | 2025-06-30 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 2, 14, 20, 33, 38, 108 |
| abstract_inverted_index.-- | 30, 42 |
| abstract_inverted_index.By | 72 |
| abstract_inverted_index.We | 0 |
| abstract_inverted_index.an | 27 |
| abstract_inverted_index.as | 53, 63 |
| abstract_inverted_index.by | 12, 32 |
| abstract_inverted_index.in | 89, 107 |
| abstract_inverted_index.is | 51 |
| abstract_inverted_index.it | 54 |
| abstract_inverted_index.of | 40, 65 |
| abstract_inverted_index.on | 26 |
| abstract_inverted_index.or | 37, 70, 92 |
| abstract_inverted_index.to | 43 |
| abstract_inverted_index.we | 79 |
| abstract_inverted_index.Our | 111 |
| abstract_inverted_index.and | 113, 126 |
| abstract_inverted_index.but | 87 |
| abstract_inverted_index.our | 23 |
| abstract_inverted_index.set | 39 |
| abstract_inverted_index.the | 49, 57, 66, 84, 96, 129 |
| abstract_inverted_index.from | 74 |
| abstract_inverted_index.more | 122 |
| abstract_inverted_index.than | 18 |
| abstract_inverted_index.that | 7, 56, 82, 117 |
| abstract_inverted_index.this | 75, 99 |
| abstract_inverted_index.vary | 88 |
| abstract_inverted_index.with | 103 |
| abstract_inverted_index.model | 36 |
| abstract_inverted_index.pose, | 90 |
| abstract_inverted_index.while | 132 |
| abstract_inverted_index.yield | 121 |
| abstract_inverted_index.Rather | 17 |
| abstract_inverted_index.attack | 5, 135 |
| abstract_inverted_index.beyond | 9 |
| abstract_inverted_index.entire | 28 |
| abstract_inverted_index.higher | 134 |
| abstract_inverted_index.image, | 22 |
| abstract_inverted_index.images | 41, 60, 81 |
| abstract_inverted_index.method | 24 |
| abstract_inverted_index.remain | 61 |
| abstract_inverted_index.single | 21 |
| abstract_inverted_index.attacks | 106, 120 |
| abstract_inverted_index.concept | 29, 50, 86 |
| abstract_inverted_index.diverse | 45, 123 |
| abstract_inverted_index.ensures | 55 |
| abstract_inverted_index.extends | 8 |
| abstract_inverted_index.manner. | 110 |
| abstract_inverted_index.propose | 1 |
| abstract_inverted_index.remains | 101 |
| abstract_inverted_index.results | 115 |
| abstract_inverted_index.thereby | 94 |
| abstract_inverted_index.adopting | 13 |
| abstract_inverted_index.category | 69 |
| abstract_inverted_index.concept, | 131 |
| abstract_inverted_index.examples | 125 |
| abstract_inverted_index.generate | 44, 80 |
| abstract_inverted_index.maintain | 83 |
| abstract_inverted_index.operates | 25 |
| abstract_inverted_index.original | 67, 85 |
| abstract_inverted_index.preserve | 128 |
| abstract_inverted_index.sampling | 73 |
| abstract_inverted_index.achieving | 133 |
| abstract_inverted_index.empirical | 114 |
| abstract_inverted_index.examples. | 47 |
| abstract_inverted_index.framework | 6, 100 |
| abstract_inverted_index.identity. | 71 |
| abstract_inverted_index.instances | 64 |
| abstract_inverted_index.modifying | 19 |
| abstract_inverted_index.resulting | 58 |
| abstract_inverted_index.Preserving | 48 |
| abstract_inverted_index.consistent | 102 |
| abstract_inverted_index.essential, | 52 |
| abstract_inverted_index.generative | 35 |
| abstract_inverted_index.misleading | 95 |
| abstract_inverted_index.principled | 109 |
| abstract_inverted_index.underlying | 68, 130 |
| abstract_inverted_index.viewpoint, | 91 |
| abstract_inverted_index.adversarial | 4, 46, 59, 77, 105, 119, 124 |
| abstract_inverted_index.background, | 93 |
| abstract_inverted_index.classifier. | 97 |
| abstract_inverted_index.demonstrate | 116 |
| abstract_inverted_index.effectively | 127 |
| abstract_inverted_index.efficiency. | 136 |
| abstract_inverted_index.represented | 31 |
| abstract_inverted_index.theoretical | 112 |
| abstract_inverted_index.traditional | 104 |
| abstract_inverted_index.identifiable | 62 |
| abstract_inverted_index.perspective. | 16 |
| abstract_inverted_index.single-image | 10 |
| abstract_inverted_index.concept-based | 3, 76, 118 |
| abstract_inverted_index.distribution, | 78 |
| abstract_inverted_index.perturbations | 11 |
| abstract_inverted_index.probabilistic | 15, 34 |
| abstract_inverted_index.Mathematically, | 98 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 4 |
| citation_normalized_percentile.value | 0.22684831 |
| citation_normalized_percentile.is_in_top_1_percent | False |
| citation_normalized_percentile.is_in_top_10_percent | True |