“…Score based Attacks qMeta [24] wc = 1, wq = 0, wϵ = 0 P-RGF [25] wc = 1, wq = 0, wϵ = 1 ZO-ADMM [26] wc = 1, wq = 0, wϵ = 0 TREMBA [27] wc = 1, wq = 0, wϵ = 1 Square [28] wc = 1, wq = 0, wϵ = 1 ZO-NGD [26] wc = 1, wq = 0, wϵ = 1 PPBA [30] wc = 1, wq = 0, wϵ = 1 Decision based Attacks qFool [31] wc = 0, wq = 1, wϵ = 0 HSJA [10] wc = 1, wq = 1, wϵ = 0 GeoDA [32] wc = 0, wq = 1, wϵ = 0 QEBA [33] wc = 1, wq = 1, wϵ = 1 RayS [34] wc = 1, wq = 0, wϵ = 1 SurFree [12] wc = 1, wq = 1, wϵ = 1 NonLinear-BA [35] wc = 1, wq = 0, wϵ = 0 Transfer based Attacks Adaptive [22] wc = 1, wq = 0, wϵ = 1 DaST [9] wc = 1, wq = 0, wϵ = 1 PO-TI [23] wc = 1, wq = 0, wϵ = 1 Non-traditional Attacks CornerSearch [36] wc = 1, wq = 0, wϵ = 0 ColorFool [38] wc = 1, wq = 0, wϵ = 0 Patch [37] wc = 1, wq = 0, wϵ = 0 scenario. Likewise, for black-box transfer attacks using our framework can also yield insights.…”