$A^{3}D$: A Platform of Searching for Robust Neural Architectures and Efficient Adversarial Attacks

TL;DR

The paper introduces $A^{3}D$, a comprehensive platform that automates the search for robust neural network architectures and efficient adversarial attacks, enhancing DNN security evaluation and robustness.

Contribution

It proposes a novel unified platform combining neural architecture search and adversarial attack optimization, considering multiple noise types and metrics for improved robustness and attack efficiency.

Findings

Demonstrates effectiveness on CIFAR10, CIFAR100, and ImageNet datasets.

Provides a benchmark and toolkit for automated robustness evaluation.

Shows improved robustness and attack performance through the platform.

Abstract

The robustness of deep neural networks (DNN) models has attracted increasing attention due to the urgent need for security in many applications. Numerous existing open-sourced tools or platforms are developed to evaluate the robustness of DNN models by ensembling the majority of adversarial attack or defense algorithms. Unfortunately, current platforms do not possess the ability to optimize the architectures of DNN models or the configuration of adversarial attacks to further enhance the robustness of models or the performance of adversarial attacks. To alleviate these problems, in this paper, we first propose a novel platform called auto adversarial attack and defense ($A^{3}D$), which can help search for robust neural network architectures and efficient adversarial attacks. In $A^{3}D$, we employ multiple neural architecture search methods, which consider different robustness evaluation metrics, including four types of noises: adversarial noise, natural noise, system noise, and quantified metrics, resulting in finding robust architectures. Besides, we propose a mathematical model for auto adversarial attack, and provide multiple optimization algorithms to search for efficient adversarial attacks. In addition, we combine auto adversarial attack and defense together to form a unified framework. Among auto adversarial defense, the searched efficient attack can be used as the new robustness evaluation to further enhance the robustness. In auto adversarial attack, the searched robust architectures can be utilized as the threat model to help find stronger adversarial attacks. Experiments on CIFAR10, CIFAR100, and ImageNet datasets demonstrate the feasibility and effectiveness of the proposed platform, which can also provide a benchmark and toolkit for researchers in the application of automated machine learning in evaluating and improving the DNN model robustnesses.