defense 2025

Tuning for Two Adversaries: Enhancing the Robustness Against Transfer and Query-Based Attacks using Hyperparameter Tuning

Pascal Zimmer , Ghassan Karame

0 citations · 40 references · arXiv

Published on arXiv

2511.13654

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

Distributed models achieve the best joint robustness tradeoff via hyperparameter tuning, simultaneously mitigating transfer-based attacks by up to 64% and query-based attacks by up to 28%.

Hyperparameter Tuning for Dual Adversarial Robustness

Novel technique introduced


In this paper, we present the first detailed analysis of how training hyperparameters -- such as learning rate, weight decay, momentum, and batch size -- influence robustness against both transfer-based and query-based attacks. Supported by theory and experiments, our study spans a variety of practical deployment settings, including centralized training, ensemble learning, and distributed training. We uncover a striking dichotomy: for transfer-based attacks, decreasing the learning rate significantly enhances robustness by up to $64\%$. In contrast, for query-based attacks, increasing the learning rate consistently leads to improved robustness by up to $28\%$ across various settings and data distributions. Leveraging these findings, we explore -- for the first time -- the training hyperparameter space to jointly enhance robustness against both transfer-based and query-based attacks. Our results reveal that distributed models benefit the most from hyperparameter tuning, achieving a remarkable tradeoff by simultaneously mitigating both attack types more effectively than other training setups.


Key Contributions

  • First systematic analysis of how training hyperparameters (learning rate, weight decay, momentum, batch size) affect robustness against both transfer-based and query-based attacks
  • Discovery of a dichotomy: lower learning rate improves robustness against transfer attacks (up to 64%) while higher learning rate improves robustness against query attacks (up to 28%)
  • Multi-objective hyperparameter optimization (via NSGA-II) to jointly enhance robustness against both attack types, with distributed models benefiting most

🛡️ Threat Analysis

Input Manipulation Attack

Directly addresses inference-time evasion attacks — both transfer-based (surrogate black-box) and query-based (decision/score black-box) adversarial examples — proposing hyperparameter tuning as a defense mechanism that improves robustness by up to 64% and 28% respectively.


Details

Domains: vision, federated-learning
Model Types: cnn, federated
Threat Tags: black_box, inference_time, untargeted
Datasets: CIFAR-10, CIFAR-100
Applications: image classification