Critical Checkpoints for Evaluating Defence Models Against Adversarial Attack and Robustness

TL;DR

This paper proposes a set of critical checkpoints for evaluating the robustness of defense models against adversarial attacks in machine learning, aiming to improve the reliability of defense strategies.

Contribution

It introduces specific evaluation checkpoints based on analysis of past defense failures and successes to ensure soundness against strong adversarial attacks.

Findings

Identified common flaws in past defense models

Proposed evaluation checkpoints for defense robustness

Validated checkpoints against existing attack models

Abstract

From past couple of years there is a cycle of researchers proposing a defence model for adversaries in machine learning which is arguably defensible to most of the existing attacks in restricted condition (they evaluate on some bounded inputs or datasets). And then shortly another set of researcher finding the vulnerabilities in that defence model and breaking it by proposing a stronger attack model. Some common flaws are been noticed in the past defence models that were broken in very short time. Defence models being broken so easily is a point of concern as decision of many crucial activities are taken with the help of machine learning models. So there is an utter need of some defence checkpoints that any researcher should keep in mind while evaluating the soundness of technique and declaring it to be decent defence technique. In this paper, we have suggested few checkpoints that should be taken into consideration while building and evaluating the soundness of defence models. All these points are recommended after observing why some past defence models failed and how some model remained adamant and proved their soundness against some of the very strong attacks.