Existing automated attack suites operate as static ensembles with fixed sequences, lacking strategic adaptation and semantic awareness. This paper introduces the Agentic Reasoning for Methods Orchestration and Reparameterization (ARMOR) framework to address these limitations. ARMOR orchestrates three canonical adversarial primitives, Carlini-Wagner (CW), Jacobian-based Saliency Map Attack (JSMA), and Spatially Transformed Attacks (STA), via Vision Language Model (VLM)-guided agents that collaboratively generate and synthesize perturbations through a shared "Mixing Desk". Large Language Models (LLMs) adaptively tune and reparameterize parallel attack agents in a real-time, closed-loop system that exploits image-specific semantic vulnerabilities. On standard benchmarks, ARMOR achieves improved cross-architecture transfer and reliably fools targets in both the blind and white-box settings, delivering a blended output for blind targets and selecting the best attack or blended attacks for white-box targets using a confidence-and-SSIM score.