Abstract
Empirical evaluation of the adversarial robustness of deep learning models involves solving non-trivial constrained optimization problems. Popular numerical algorithms to solve these constrained problems rely predominantly on projected gradient descent (PGD) and mostly handle adversarial perturbations modeled by the ℓ1, ℓ2, and ℓ∞ metrics. In this paper, we introduce a novel algorithmic framework that blends a general-purpose constrained-optimization solver PyGRANSO, With Constraint-Folding (PWCF), to add reliability and generality to robustness evaluation. PWCF 1) finds good-quality solutions without the need of delicate hyperparameter tuning and 2) can handle more general perturbation types, e.g., modeled by general ℓp (where p > 0) and perceptual (nonℓp) distances, which are inaccessible to existing PGD-based algorithms.
| Original language | English (US) |
|---|---|
| Title of host publication | ICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing, Proceedings |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (Electronic) | 9781728163277 |
| DOIs | |
| State | Published - 2023 |
| Event | 48th IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP 2023 - Rhodes Island, Greece Duration: Jun 4 2023 → Jun 10 2023 |
Publication series
| Name | ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings |
|---|---|
| Volume | 2023-June |
| ISSN (Print) | 1520-6149 |
Conference
| Conference | 48th IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP 2023 |
|---|---|
| Country/Territory | Greece |
| City | Rhodes Island |
| Period | 6/4/23 → 6/10/23 |
Bibliographical note
Publisher Copyright:© 2023 IEEE.
Keywords
- adversarial attack
- adversarial robustness
- constrained optimization
- deep neural networks
- perceptual distance
- robustness evaluation