Neural Network Lexicon

Untargeted Attacks

Short Definition

Untargeted attacks are adversarial attacks whose goal is to cause any incorrect prediction.

Definition

Untargeted attacks are a class of adversarial attacks in which the attacker seeks to induce misclassification without specifying a particular target output. The objective is simply to make the model’s prediction differ from the correct label.

These attacks prioritize disruption over control and are typically easier to execute than targeted attacks.

Why It Matters

Untargeted attacks demonstrate how easily a model’s decision boundary can be crossed. Even when attackers do not care which incorrect class is predicted, successful untargeted attacks reveal fundamental fragility in learned representations.

They are commonly used as baseline robustness tests and as first indicators of adversarial vulnerability.

How Untargeted Attacks Work (Conceptually)

  • The attacker defines an objective to increase prediction error
  • Perturbations are optimized to reduce confidence in the true class
  • Any alternative prediction is considered a success
  • The attack ends once misclassification occurs

The attack objective is minimal but effective.

Untargeted vs Targeted Attacks

  • Untargeted attacks: aim for any incorrect output
  • Targeted attacks: aim for a specific incorrect output

Untargeted attacks are generally simpler and more likely to succeed, but provide less insight into fine-grained model control.

Minimal Conceptual Example

# conceptual untargeted objective
maximize loss(model(input + perturbation), true_label)
This objective pushes the input away from the correct decision region.

Common Characteristics

  • Do not require selecting a target class
  • Often succeed with smaller perturbations
  • Used as baseline robustness evaluations
  • Can be applied in both white-box and black-box settings
  • Untargeted attacks test the ease of failure, not the direction of failure.

Common Pitfalls

  • Treating untargeted robustness as sufficient
  • Ignoring targeted attack vulnerability
  • Overestimating real-world security from untargeted results
  • Failing to examine confidence under attack
  • Robustness to untargeted attacks is necessary but not sufficient.

Related Concepts