Optimization for Robustness Evaluation beyond ℓ_p Metrics
share
Empirical evaluation of deep learning models against adversarial attacks entails solving nontrivial constrained optimization problems. Popular algorithms for solving these constrained problems rely on projected gradient descent (PGD) and require careful tuning of multiple hyperparameters. Moreover, PGD can only handle ℓ_1, ℓ_2, and ℓ_∞ attack models due to the use of analytical projectors. In this paper, we introduce a novel algorithmic framework that blends a general-purpose constrained-optimization solver PyGRANSO, With Constraint-Folding (PWCF), to add reliability and generality to robustness evaluation. PWCF 1) finds good-quality solutions without the need of delicate hyperparameter tuning, and 2) can handle general attack models, e.g., general ℓ_p (p ≥ 0) and perceptual attacks, which are inaccessible to PGD-based algorithms.
READ FULL TEXT
