Exploring Misclassifications of Robust Neural Networks to Enhance Adversarial Attacks

05/21/2021
by Leo Schwinn, et al.

Progress in making neural networks more robust against adversarial attacks has been mostly marginal, despite the great efforts of the research community. Moreover, robustness evaluations are often imprecise, making it difficult to identify promising approaches. We analyze the classification decisions of 19 different state-of-the-art neural networks trained to be robust against adversarial attacks. Our findings suggest that current untargeted adversarial attacks induce misclassification towards only a limited number of different classes. Additionally, we observe that both over- and under-confidence in model predictions result in an inaccurate assessment of model robustness. Based on these observations, we propose a novel loss function for adversarial attacks that consistently improves the attack success rate compared to prior loss functions for all 19 analyzed models.
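The abstract does not spell out the proposed loss, but the core idea it describes, avoiding attack objectives that saturate on over- or under-confident predictions, can be illustrated with a margin-style objective. Below is a minimal PyTorch sketch of an untargeted L-infinity PGD attack driven by the logit gap between the true class and the strongest competing class; the function names (margin_attack_loss, pgd_attack) and hyperparameters are illustrative assumptions, not the paper's actual formulation.

```python
import torch


def margin_attack_loss(logits: torch.Tensor, labels: torch.Tensor) -> torch.Tensor:
    """Margin-style attack objective: gap between the strongest non-true
    logit and the true-class logit. Unlike cross-entropy, its gradient does
    not vanish when the model is extremely over- or under-confident."""
    true_logit = logits.gather(1, labels.unsqueeze(1)).squeeze(1)
    # Mask out the true class so max() picks the runner-up logit.
    masked = logits.clone()
    masked.scatter_(1, labels.unsqueeze(1), float("-inf"))
    runner_up = masked.max(dim=1).values
    # Maximizing (runner_up - true_logit) pushes inputs across the boundary.
    return (runner_up - true_logit).mean()


def pgd_attack(model, x, y, eps=8 / 255, alpha=2 / 255, steps=10):
    """Standard untargeted L-infinity PGD loop using the margin objective."""
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0, 1).detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = margin_attack_loss(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        # Ascent step, then project back into the eps-ball and valid pixel range.
        x_adv = x_adv.detach() + alpha * grad.sign()
        x_adv = torch.min(torch.max(x_adv, x - eps), x + eps).clamp(0, 1)
    return x_adv
```

Swapping the loss inside such a loop is exactly the kind of drop-in change the abstract evaluates: the attack machinery stays fixed while the objective determines how reliably misclassification is induced.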


Related research

02/01/2019
Robustness of Generalized Learning Vector Quantization Models against Adversarial Attacks
Adversarial attacks and the development of (deep) neural networks robust...

12/03/2017
Improving Network Robustness against Adversarial Attacks with Compact Convolution
Though Convolutional Neural Networks (CNNs) have surpassed human-level p...

10/20/2022
Chaos Theory and Adversarial Robustness
Neural Networks, being susceptible to adversarial attacks, should face a...

03/30/2023
Generating Adversarial Samples in Mini-Batches May Be Detrimental To Adversarial Robustness
Neural networks have been proven to be both highly effective within comp...

03/21/2022
On The Robustness of Offensive Language Classifiers
Social media platforms are deploying machine learning based offensive la...

05/03/2022
On the uncertainty principle of neural networks
Despite the successes in many fields, it is found that neural networks a...

05/31/2023
Graph-based methods coupled with specific distributional distances for adversarial attack detection
Artificial neural networks are prone to being fooled by carefully pertur...
