Position: Towards Resilience Against Adversarial Examples
Sihui Dai, Chong Xiang, Tong Wu, Prateek Mittal

TL;DR
This paper advocates for developing adversarial defenses that can quickly adapt to new attack types, emphasizing the importance of resilience and continual learning to enhance robustness against unforeseen adversarial perturbations.
Contribution
It introduces the concept of adversarial resilience, defines continual adaptive robustness, and connects these ideas to existing robustness problems, outlining future research directions.
Findings
Defines adversarial resilience and continual adaptive robustness.
Highlights the importance of adaptive defenses against unknown attacks.
Connects continual robustness to multiattack and unforeseen attack problems.
Abstract
Current research on defending against adversarial examples focuses primarily on achieving robustness against a single attack type such as or -bounded attacks. However, the space of possible perturbations is much larger than considered by many existing defenses and is difficult to mathematically model, so the attacker can easily bypass the defense by using a type of attack that is not covered by the defense. In this position paper, we argue that in addition to robustness, we should also aim to develop defense algorithms that are adversarially resilient -- defense algorithms should specify a means to quickly adapt the defended model to be robust against new attacks. We provide a definition of adversarial resilience and outline considerations of designing an adversarially resilient defense. We then introduce a subproblem of adversarial resilience which we call…
Taxonomy
Topics: Advanced Malware Detection Techniques · Information and Cyber Security
