Tuning for Two Adversaries: Enhancing the Robustness Against Transfer and Query-Based Attacks Using Hyperparameter Tuning

Authors

  • Pascal Zimmer, Ruhr University Bochum, Germany
  • Ghassan Karame, Ruhr University Bochum, Germany

DOI:

https://doi.org/10.1609/aaai.v40i16.38416

Abstract

In this paper, we present the first detailed analysis of how training hyperparameters---such as learning rate, weight decay, momentum, and batch size---influence robustness against both transfer-based and query-based attacks. Supported by theory and experiments, our study spans a variety of practical deployment settings, including centralized training, ensemble learning, and distributed training. We uncover a striking dichotomy: for transfer-based attacks, decreasing the learning rate significantly enhances robustness by up to 64%. In contrast, for query-based attacks, increasing the learning rate consistently leads to improved robustness by up to 28% across various settings and data distributions. Leveraging these findings, we explore---for the first time---the training hyperparameter space to jointly enhance robustness against both transfer-based and query-based attacks. Our results reveal that distributed models benefit the most from hyperparameter tuning, achieving a remarkable tradeoff by simultaneously mitigating both attack types more effectively than other training setups.

Published

2026-03-14

How to Cite

Zimmer, P., & Karame, G. (2026). Tuning for Two Adversaries: Enhancing the Robustness Against Transfer and Query-Based Attacks Using Hyperparameter Tuning. Proceedings of the AAAI Conference on Artificial Intelligence, 40(16), 14049–14058. https://doi.org/10.1609/aaai.v40i16.38416

Section

AAAI Technical Track on Computer Vision XIII