MALT Powers Up Adversarial Attacks
Odelia Melamed, Gilad Yehudai, Adi Shamir
TL;DR
MALT is a novel, faster adversarial attack method that outperforms current state-of-the-art attacks on standard datasets by leveraging medium-scale linearity assumptions, applicable to both linear and non-linear models.
Contribution
Introduces MALT, a new adversarial targeting technique based on medium-scale almost linearity, achieving faster attacks and higher success rates on benchmark datasets.
Findings
MALT outperforms AutoAttack on CIFAR-100 and ImageNet.
MALT is five times faster than AutoAttack.
MALT successfully attacks more samples, including previously unreachable ones.
Abstract
Current adversarial attacks for multi-class classifiers choose the target class for a given input naively, based on the classifier's confidence levels for various target classes. We present a novel adversarial targeting method, \textit{MALT - Mesoscopic Almost Linearity Targeting}, based on medium-scale almost linearity assumptions. Our attack wins over the current state of the art AutoAttack on the standard benchmark datasets CIFAR-100 and ImageNet and for a variety of robust models. In particular, our attack is \emph{five times faster} than AutoAttack, while successfully matching all of AutoAttack's successes and attacking additional samples that were previously out of reach. We then prove formally and demonstrate empirically that our targeting method, although inspired by linear predictors, also applies to standard non-linear models.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
Taxonomy
TopicsAdversarial Robustness in Machine Learning