Empirical evaluation of the Frank-Wolfe methods for constructing white-box adversarial attacks

TL;DR

This paper evaluates the effectiveness of modified Frank-Wolfe optimization methods for constructing white-box adversarial attacks on neural networks, providing both theoretical insights and empirical results on standard datasets.

Contribution

It introduces the use of advanced projection-free Frank-Wolfe methods for adversarial attack construction and compares their performance with traditional approaches.

Findings

Frank-Wolfe methods are effective for generating adversarial examples.

Compared to projection-based methods, Frank-Wolfe approaches show competitive performance.

Empirical results on MNIST and CIFAR-10 validate the methods' efficiency.

Abstract

The construction of adversarial attacks for neural networks appears to be a crucial challenge for their deployment in various services. To estimate the adversarial robustness of a neural network, a fast and efficient approach is needed to construct adversarial attacks. Since the formalization of adversarial attack construction involves solving a specific optimization problem, we consider the problem of constructing an efficient and effective adversarial attack from a numerical optimization perspective. Specifically, we suggest utilizing advanced projection-free methods, known as modified Frank-Wolfe methods, to construct white-box adversarial attacks on the given input data. We perform a theoretical and numerical evaluation of these methods and compare them with standard approaches based on projection operations or geometrical intuition. Numerical experiments are performed on the MNIST and CIFAR-10 datasets, utilizing a multiclass logistic regression model, the convolutional neural networks (CNNs), and the Vision Transformer (ViT).