ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Guided adversarial attack for evaluating and enhancing adversarial defenses

Sriramanan, G and Addepalli, S and Baburaj, A and Venkatesh Babu, R (2020) Guided adversarial attack for evaluating and enhancing adversarial defenses. In: 34th Conference on Neural Information Processing Systems, NeurIPS 2020, 6-12, December, 2020, Virtual, Online.

[img] PDF
NeurIPS 2020.pdf - Published Version
Restricted to Registered users only
Download (5MB) | Request a copy

Abstract

Advances in the development of adversarial attacks have been fundamental to the progress of adversarial defense research. Efficient and effective attacks are crucial for reliable evaluation of defenses, and also for developing robust models. Adversarial attacks are often generated by maximizing standard losses such as the cross-entropy loss or maximum-margin loss within a constraint set using Projected Gradient Descent (PGD). In this work, we introduce a relaxation term to the standard loss, that finds more suitable gradient-directions, increases attack efficacy and leads to more efficient adversarial training. We propose Guided Adversarial Margin Attack (GAMA), which utilizes function mapping of the clean image to guide the generation of adversaries, thereby resulting in stronger attacks. We evaluate our attack against multiple defenses and show improved performance when compared to existing attacks. Further, we propose Guided Adversarial Training (GAT), which achieves state-of-the-art performance amongst single-step defenses by utilizing the proposed relaxation term for both attack generation and training. © 2020 Neural information processing systems foundation. All rights reserved.

Item Type: Conference Paper
Publication: Advances in Neural Information Processing Systems
Publisher: Neural information processing systems foundation
Additional Information: The copyright for this article belongs to Neural information processing systems foundation
Keywords: Constraint set; Defense research; Function mapping; Gradient direction; Maximum margin; Projected gradient; Robust models; State-of-the-art performance, Gradient methods
Department/Centre: Division of Interdisciplinary Sciences > Computational and Data Sciences
Date Deposited: 04 Aug 2021 10:41
Last Modified: 04 Aug 2021 10:41
URI: http://eprints.iisc.ac.in/id/eprint/69039

Actions (login required)

View Item View Item
Powered by EPrints A service from The J.R.D. Tata Memorial Library Indian Institute of Science, Bengaluru-560012, India