Severe sensitivity to Square Attack

60% found this helpful

Vulnerability Info

Vulnerability Typesecurity
CVE Number
Created Date2023/01/12
Reported By@robustintelligence

    Affected Versions

    @a4fd55aade86349731fef059b2632d5bf8b3011c10 December 2022



    A Square Attack test was performed on swinv2-large-patch4-window12to16-192to256-22kto1k-ft, in which a 40% failure rate was observed. In at least one case, the model's prediction changed -0.51. This caused the label to change from 803 to 915.

    Test Information

    This test measures the robustness of the model to Square attacks. It does this by taking a sample input, applying a Square attack, and measuring the performance of the model on the perturbed input. See the paper "Square Attack: a query-efficient black-box adversarial attack via random search" by Andriushchenko, Croce, et al. ( for more details.

    Why is this important?

    Malicious actors can perturb input images to alter model behavior in unexpected ways. It is important that Computer Vision models are robust to such attacks.

    Model Information

    • Model name: swinv2-large-patch4-window12to16-192to256-22kto1k-ft
    • Model package URL: pkg:huggingface/microsoft/swinv2-large-patch4-window12to16-192to256-22kto1k-ft@a4fd55aade86349731fef059b2632d5bf8b3011c
    • Macro F1 score on reference / evaluation: 0.92 / 0.85
    • Multiclass accuracy on reference / evaluation: 0.93 / 0.85
    • Multiclass AUC on reference / evaluation: 1.00 / 1.00
    • Macro Precision on reference / evaluation: 0.94 / 0.87
    • Macro Recall on reference / evaluation: 0.93 / 0.85

    This report was automatically generated by the scanning engine rime-0.21.0rc4.post195+git.2a88076b.d on 2023-01-12 17:49.

    contributor image
    Robust Intelligence
    Helpfulness score: 5