A Frank-Wolfe Framework for Efficient and Effective Adversarial Attacks

11/27/2018 ∙ by Jinghui Chen, et al. ∙ 6

Depending on how much information an adversary can access to, adversarial attacks can be classified as white-box attack and black-box attack. In both cases, optimization-based attack algorithms can achieve relatively low distortions and high attack success rates. However, they usually suffer from poor time and query complexities, thereby limiting their practical usefulness. In this work, we focus on the problem of developing efficient and effective optimization-based adversarial attack algorithms. In particular, we propose a novel adversarial attack framework for both white-box and black-box settings based on the non-convex Frank-Wolfe algorithm. We show in theory that the proposed attack algorithms are efficient with an O(1/√(T)) convergence rate. The empirical results of attacking Inception V3 model and ResNet V2 model on the ImageNet dataset also verify the efficiency and effectiveness of the proposed algorithms. More specific, our proposed algorithms attain the highest attack success rate in both white-box and black-box attacks among all baselines, and are more time and query efficient than the state-of-the-art.



There are no comments yet.


page 21

page 22

Code Repositories


A Frank-Wolfe Framework for Efficient and Effective Adversarial Attacks (AAAI'20)

view repo


Frank-Wolfe variant for adversarial attacks on Inception V3 model tested against Imagenet validation data

view repo
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.