TL;DR
This paper introduces a new white-box adversarial attack method based on Augmented Lagrangian principles, offering a balance of generality and efficiency for generating minimally perturbed adversarial examples across various distances.
Contribution
The paper presents a novel attack algorithm that combines the generality of penalty methods with the efficiency of distance-specific approaches, applicable to multiple distance metrics.
Findings
Achieves competitive attack success rates on multiple datasets and models.
Maintains similar or lower computational complexity compared to state-of-the-art methods.
Works effectively across a wide set of distance metrics.
Abstract
Adversarial attack algorithms are dominated by penalty methods, which are slow in practice, or more efficient distance-customized methods, which are heavily tailored to the properties of the distance considered. We propose a white-box attack algorithm to generate minimally perturbed adversarial examples based on Augmented Lagrangian principles. We bring several algorithmic modifications, which have a crucial effect on performance. Our attack enjoys the generality of penalty methods and the computational efficiency of distance-customized algorithms, and can be readily used for a wide set of distances. We compare our attack to state-of-the-art methods on three datasets and several models, and consistently obtain competitive performances with similar or lower computational complexity.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
