Frequency-Domain Data Augmentation in CLIP Models for Robustness Against Ensemble Adversarial Attacks

Adversarial attacks have become a significant challenge in the security of ma-chine learning models, particularly in the context of black-box defense strategies. Existing methods for enhancing adversarial transferability primarily focus on the spatial domain. This paper presents Frequency-Space Attack FSA , a new adversarial attack framework that effectively integrates frequency-domain and spatial-domain transformations. FSA combines two key techniques: 1 High-Frequency Augmentation, which applies Fourier transform with frequency selective amplification to diversify inputs and emphasize the cr

Research goal: How does the incorporation of frequency-domain data augmentation in CLIP-based models impact their robustness scores (e.g., BLEU, CLIPScore) under ensemble-based adversarial attacks compared to spatial-domain augmentation?

Autonomous synthesis report generated by SOVEREIGN Research Kernel. Tribunal consensus score: 8.3/10.