Fast Adversarial Attacks with Gradient Prediction

TL;DR

This paper proposes a novel adversarial attack method that predicts input gradients to eliminate backward passes, significantly increasing attack throughput while maintaining effectiveness.

Contribution

It introduces a gradient prediction approach that speeds up adversarial example generation by removing the backward pass, effective in both theoretical and practical settings.

Findings

Achieves a 532% increase in attack throughput.

Recovers much of FGSM's attack performance.

Effective for finite-width models beyond the NTK regime.

Abstract

Generating adversarial examples at scale is a core primitive for robustness evaluation, adversarial training, and red-teaming, yet even "fast" attacks such as FGSM remain throughput-limited by the cost of a backward pass. We introduce a family of attacks that eliminates the backward pass by predicting the input gradient from forward-pass hidden states via a lightweight linear regression. The approach is motivated by a kernel view of neural networks and is exact in the Neural Tangent Kernel regime, while remaining effective for practical finite-width models. Empirically, our methods recover much of FGSM's attack performance while using only a small fraction of the time, corresponding to a $532\%$ increase in throughput. These results suggest gradient prediction as a simple and general route to significantly faster adversarial generation under realistic wall-clock constraints.