Evaluating the adversarial robustness of machine-learning models using gradient-based attacks is challenging. In this work, we show that hyperparameter optimization can improve fast minimum-norm attacks by automating the selection of the loss function, the optimizer, and the step-size scheduler, along with the corresponding hyperparameters. Our extensive evaluation involving several robust models demonstrates the improved efficacy of fast minimum-norm attacks when hyped up with hyperparameter optimization. We release our open-source code at https://github.com/pralab/HO-FMN.
Improving Fast Minimum-Norm Attacks with Hyperparameter Optimization / Floris, Giuseppe; Mura, Raffaele; Scionis, Luca; Piras, Giorgio; Pintor, Maura; Demontis, Ambra; Biggio, Battista. - (2023), pp. 127-132. (Intervento presentato al convegno European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning tenutosi a Bruges, Belgium) [10.14428/esann/2023.ES2023-164].
Improving Fast Minimum-Norm Attacks with Hyperparameter Optimization
Luca Scionis;Giorgio Piras
;
2023
Abstract
Evaluating the adversarial robustness of machine-learning models using gradient-based attacks is challenging. In this work, we show that hyperparameter optimization can improve fast minimum-norm attacks by automating the selection of the loss function, the optimizer, and the step-size scheduler, along with the corresponding hyperparameters. Our extensive evaluation involving several robust models demonstrates the improved efficacy of fast minimum-norm attacks when hyped up with hyperparameter optimization. We release our open-source code at https://github.com/pralab/HO-FMN.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
