Output Diversified Initialization for Adversarial Attacks

by   Yusuke Tashiro, et al.

Adversarial examples are often constructed by iteratively refining a randomly perturbed input. To improve diversity and thus also the success rates of attacks, we propose Output Diversified Initialization (ODI), a novel random initialization strategy that can be combined with most existing white-box adversarial attacks. Instead of using uniform perturbations in the input space, we seek diversity in the output logits space of the target model. Empirically, we demonstrate that existing ℓ_∞ and ℓ_2 adversarial attacks with ODI become much more efficient on several datasets including MNIST, CIFAR-10 and ImageNet, reducing the accuracy of recently proposed defense models by 1–17%. Moreover, PGD attack with ODI outperforms current state-of-the-art attacks against robust models, while also being roughly 50 times faster on CIFAR-10. The code is available on https://github.com/ermongroup/ODI/.


page 1

page 2

page 3

page 4


Torchattacks : A Pytorch Repository for Adversarial Attacks

Torchattacks is a PyTorch library that contains adversarial attacks to g...

Generalizing Universal Adversarial Attacks Beyond Additive Perturbations

The previous study has shown that universal adversarial attacks can fool...

Beckman Defense

Optimal transport (OT) based distributional robust optimisation (DRO) ha...

Practical Evaluation of Adversarial Robustness via Adaptive Auto Attack

Defense models against adversarial attacks have grown significantly, but...

An Efficient Adversarial Attack for Tree Ensembles

We study the problem of efficient adversarial attacks on tree based ense...

Hindering Adversarial Attacks with Implicit Neural Representations

We introduce the Lossy Implicit Network Activation Coding (LINAC) defenc...

Probabilistic Jacobian-based Saliency Maps Attacks

Machine learning models have achieved spectacular performances in variou...

Please sign up or login with your details

Forgot password? Click here to reset