Evaluating Model Robustness Using Adaptive Sparse L0 Regularization

TL;DR

This paper introduces a scalable L0 norm-based adversarial attack method to better evaluate deep neural network robustness against subtle, sparse input perturbations, addressing limitations of existing approaches.

Contribution

The paper presents a novel, efficient L0 norm adversarial attack technique that improves robustness testing of DNNs by generating more subtle and sparse adversarial examples.

Findings

Effective generation of sparse adversarial examples

Improved robustness evaluation accuracy

Scalable attack method suitable for large models

Abstract

Deep Neural Networks have demonstrated remarkable success in various domains but remain susceptible to adversarial examples, which are slightly altered inputs designed to induce misclassification. While adversarial attacks typically optimize under Lp norm constraints, attacks based on the L0 norm, prioritising input sparsity, are less studied due to their complex and non convex nature. These sparse adversarial examples challenge existing defenses by altering a minimal subset of features, potentially uncovering more subtle DNN weaknesses. However, the current L0 norm attack methodologies face a trade off between accuracy and efficiency either precise but computationally intense or expedient but imprecise. This paper proposes a novel, scalable, and effective approach to generate adversarial examples based on the L0 norm, aimed at refining the robustness evaluation of DNNs against such perturbations.