Guided Adversarial Attack for Evaluating and Enhancing Adversarial Defenses

11/30/2020
by Gaurang Sriramanan, et al.

Advances in the development of adversarial attacks have been fundamental to the progress of adversarial defense research. Efficient and effective attacks are crucial for reliable evaluation of defenses, and also for developing robust models. Adversarial attacks are often generated by maximizing standard losses such as the cross-entropy loss or maximum-margin loss within a constraint set using Projected Gradient Descent (PGD). In this work, we introduce a relaxation term to the standard loss that finds more suitable gradient directions, increases attack efficacy, and leads to more efficient adversarial training. We propose Guided Adversarial Margin Attack (GAMA), which utilizes the function mapping of the clean image to guide the generation of adversaries, thereby resulting in stronger attacks. We evaluate our attack against multiple defenses and show improved performance when compared to existing attacks. Further, we propose Guided Adversarial Training (GAT), which achieves state-of-the-art performance amongst single-step defenses by utilizing the proposed relaxation term for both attack generation and training.
