An Efficient and Margin-Approaching Zero-Confidence Adversarial Attack
Yang Zhang, Shiyu Chang, Mo Yu, Kaizhi Qian

TL;DR
This paper introduces MARGINATTACK, a novel zero-confidence adversarial attack framework that accurately and efficiently computes minimal perturbations to cause misclassification, outperforming existing methods in speed and precision.
Contribution
MARGINATTACK provides a new framework for zero-confidence attacks that improves accuracy and efficiency in computing adversarial margins compared to prior approaches.
Findings
MARGINATTACK computes smaller margins than previous zero-confidence attacks.
It matches the performance of fix-perturbation attacks.
It is significantly faster than the Carlini-Wagner attack.
Abstract
There are two major paradigms of white-box adversarial attacks that attempt to impose input perturbations. The first paradigm, called the fix-perturbation attack, crafts adversarial samples within a given perturbation level. The second paradigm, called the zero-confidence attack, finds the smallest perturbation needed to cause mis-classification, also known as the margin of an input feature. While the former paradigm is well-resolved, the latter is not. Existing zero-confidence attacks either introduce significant approximation errors, or are too time-consuming. We therefore propose MARGINATTACK, a zero-confidence attack framework that is able to compute the margin with improved accuracy and efficiency. Our experiments show that MARGINATTACK is able to compute a smaller margin than the state-of-the-art zero-confidence attacks, and matches the state-of-the-art fix-perturbation attacks.…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Bacillus and Francisella bacterial research · Advanced Malware Detection Techniques
