The main contributions of this work are summarized below:
- We propose DES-Adv, a novel surrogate selection method that dynamically selects the most competent combination of surrogate models for each test sample using a Dynamic Ensemble Selection (DES) framework.
- We systematically address several open research questions and provide clear justifications for commonly used design choices in transfer-based ensemble attacks.
- We conduct extensive experiments on three benchmark datasets, demonstrating that DES-Adv consistently improves both performance and stability across all evaluated ensemble attack methods.
- We analyze common failure cases in transfer-based attacks and introduce effective strategies to mitigate these issues.
- We evaluate state-of-the-art ensemble attacks under various defense settings, offering a more comprehensive assessment of their practical robustness.