🤖 AI Summary
Existing universal adversarial attacks for image segmentation exhibit limited transferability across samples and architectures, hindering robustness evaluation.
Method: This paper proposes a novel hybrid universal adversarial attack method that jointly optimizes in both pixel and frequency domains. Specifically, it integrates dual-feature disentanglement in pixel space with low-frequency Fourier scattering in the frequency domain, forming a dual-branch collaborative optimization framework. A feature-decoupling module and multi-model joint optimization strategy are introduced to enhance perturbation generalization.
Contribution/Results: The method achieves significant improvements in attack success rates across mainstream segmentation models—including DeepLabv3+ and SegFormer. Crucially, its cross-architecture transferability outperforms state-of-the-art methods by 12.6%, demonstrating superior generalization and practical utility for robustness assessment of segmentation models.
📝 Abstract
With the rapid advancement of deep learning, model robustness has become a significant research hotspot, i.e., adversarial attacks on deep neural networks. Existing works primarily focus on image classification tasks, aiming to alter the model's predicted labels. Due to the output complexity and deeper network architectures, research on adversarial examples for segmentation models is still limited, particularly for universal adversarial perturbations. In this paper, we propose a novel universal adversarial attack method designed for segmentation models, which includes dual feature separation and low-frequency scattering modules. The two modules guide the training of adversarial examples in the pixel and frequency space, respectively. Experiments demonstrate that our method achieves high attack success rates surpassing the state-of-the-art methods, and exhibits strong transferability across different models.