Optimization for Robustness Evaluation Beyond ℓp Metrics

Empirical evaluation of the adversarial robustness of deep learning models involves solving non-trivial constrained optimization problems. Popular numerical algorithms to solve these constrained problems rely predominantly on projected gradient descent (PGD) and mostly handle adversarial perturbatio...

Full description

Saved in:
Bibliographic Details
Published inICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) pp. 1 - 5
Main Authors Liang, Hengyue, Liang, Buyun, Cui, Ying, Mitchell, Tim, Sun, Ju
Format Conference Proceeding
LanguageEnglish
Published IEEE 04.06.2023
Subjects
adversarial attack
adversarial robustness
constrained optimization
Deep learning
deep neural networks
Measurement
Numerical models
perceptual distance
Perturbation methods
Robustness
robustness evaluation
Signal processing
Signal processing algorithms
Online AccessGet full text

Cover

More Information
Summary:Empirical evaluation of the adversarial robustness of deep learning models involves solving non-trivial constrained optimization problems. Popular numerical algorithms to solve these constrained problems rely predominantly on projected gradient descent (PGD) and mostly handle adversarial perturbations modeled by the ℓ 1 , ℓ 2 , and ℓ ∞ metrics. In this paper, we introduce a novel algorithmic framework that blends a general-purpose constrained-optimization solver PyGRANSO, With Constraint-Folding (PWCF), to add reliability and generality to robustness evaluation. PWCF 1) finds good-quality solutions without the need of delicate hyperparameter tuning and 2) can handle more general perturbation types, e.g., modeled by general ℓ p (where p > 0) and perceptual (nonℓ p ) distances, which are inaccessible to existing PGD-based algorithms.
ISSN:2379-190X
DOI:10.1109/ICASSP49357.2023.10095871