Evaluating the Evaluators: Trust in Adversarial Robustness Tests
Antonio Emanuele Cinà, Maura Pintor, Luca Demetrio, Ambra Demontis, Battista Biggio, and Fabio Roli

TL;DR
This paper introduces AttackBench, a benchmark framework that standardizes and improves the reliability of adversarial attack evaluations, helping to ensure more trustworthy robustness assessments.
Contribution
The paper presents AttackBench, a comprehensive benchmark for evaluating gradient-based adversarial attacks under consistent conditions, enhancing evaluation reliability and reproducibility.
Findings
AttackBench ranks attack implementations based on a novel optimality metric.
It enforces standardized testing conditions for fair comparisons.
The framework supports continuous updates for evolving robustness evaluation.
Abstract
Despite significant progress in designing powerful adversarial evasion attacks for robustness verification, the evaluation of these methods often remains inconsistent and unreliable. Many assessments rely on mismatched models, unverified implementations, and uneven computational budgets, which can lead to biased results and a false sense of security. Consequently, robustness claims built on such flawed testing protocols may be misleading and give a false sense of security. As a concrete step toward improving evaluation reliability, we present AttackBench, a benchmark framework developed to assess the effectiveness of gradient-based attacks under standardized and reproducible conditions. AttackBench serves as an evaluation tool that ranks existing attack implementations based on a novel optimality metric, which enables researchers and practitioners to identify the most reliable and…
