Saved in:
Bibliographic Details
Main Authors: Abdollahpoorrostam, Alireza, Abroshan, Mahed, Moosavi-Dezfooli, Seyed-Mohsen
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2303.12481
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929618750013440
author Abdollahpoorrostam, Alireza
Abroshan, Mahed
Moosavi-Dezfooli, Seyed-Mohsen
author_facet Abdollahpoorrostam, Alireza
Abroshan, Mahed
Moosavi-Dezfooli, Seyed-Mohsen
contents Deep neural networks have been known to be vulnerable to adversarial examples, which are inputs that are modified slightly to fool the network into making incorrect predictions. This has led to a significant amount of research on evaluating the robustness of these networks against such perturbations. One particularly important robustness metric is the robustness to minimal $\ell_2$ adversarial perturbations. However, existing methods for evaluating this robustness metric are either computationally expensive or not very accurate. In this paper, we introduce a new family of adversarial attacks that strike a balance between effectiveness and computational efficiency. Our proposed attacks are generalizations of the well-known DeepFool (DF) attack, while they remain simple to understand and implement. We demonstrate that our attacks outperform existing methods in terms of both effectiveness and computational efficiency. Our proposed attacks are also suitable for evaluating the robustness of large models and can be used to perform adversarial training (AT) to achieve state-of-the-art robustness to minimal $\ell_2$ adversarial perturbations.
format Preprint
id arxiv_https___arxiv_org_abs_2303_12481
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Revisiting DeepFool: generalization and improvement
Abdollahpoorrostam, Alireza
Abroshan, Mahed
Moosavi-Dezfooli, Seyed-Mohsen
Machine Learning
Cryptography and Security
Numerical Analysis
Deep neural networks have been known to be vulnerable to adversarial examples, which are inputs that are modified slightly to fool the network into making incorrect predictions. This has led to a significant amount of research on evaluating the robustness of these networks against such perturbations. One particularly important robustness metric is the robustness to minimal $\ell_2$ adversarial perturbations. However, existing methods for evaluating this robustness metric are either computationally expensive or not very accurate. In this paper, we introduce a new family of adversarial attacks that strike a balance between effectiveness and computational efficiency. Our proposed attacks are generalizations of the well-known DeepFool (DF) attack, while they remain simple to understand and implement. We demonstrate that our attacks outperform existing methods in terms of both effectiveness and computational efficiency. Our proposed attacks are also suitable for evaluating the robustness of large models and can be used to perform adversarial training (AT) to achieve state-of-the-art robustness to minimal $\ell_2$ adversarial perturbations.
title Revisiting DeepFool: generalization and improvement
topic Machine Learning
Cryptography and Security
Numerical Analysis
url https://arxiv.org/abs/2303.12481