WITCHcraft: Efficient PGD attacks with random step size

TL;DR

WITCHcraft introduces a simple yet effective modification to PGD attacks by using a random step size, enhancing attack performance without additional computational cost, especially useful for real-time adversarial training.

Contribution

The paper proposes WITCHcraft, a variant of PGD that employs random step sizes to improve attack effectiveness without increasing computational resources.

Findings

Outperforms classical PGD on CIFAR-10 and MNIST datasets

Achieves superior attack results without additional computational cost

Enhances efficiency of adversarial attack generation in real-time scenarios

Abstract

State-of-the-art adversarial attacks on neural networks use expensive iterative methods and numerous random restarts from different initial points. Iterative FGSM-based methods without restarts trade off performance for computational efficiency because they do not adequately explore the image space and are highly sensitive to the choice of step size. We propose a variant of Projected Gradient Descent (PGD) that uses a random step size to improve performance without resorting to expensive random restarts. Our method, Wide Iterative Stochastic crafting (WITCHcraft), achieves results superior to the classical PGD attack on the CIFAR-10 and MNIST data sets but without additional computational cost. This simple modification of PGD makes crafting attacks more economical, which is important in situations like adversarial training where attacks need to be crafted in real time.