Guidance Through Surrogate: Toward a Generic Diagnostic Attack
Naseer, Muzammal ; Khan, Salman ; Porikli, Fatih ; Khan, Fahad Shahbaz
Department
Computer Vision
Type
Journal article
Language
English
Abstract
Adversarial training (AT) is an effective approach to making deep neural networks robust against adversarial attacks. Recently, several AT defenses have been proposed that not only maintain high clean accuracy but also show significant robustness against popular and well-studied adversarial attacks, such as projected gradient descent (PGD). High adversarial robustness can also arise, however, when an attack simply fails to find adversarial gradient directions, a phenomenon known as "gradient masking." In this work, we analyze the effect of label smoothing on AT as one potential cause of gradient masking. We then develop a guided mechanism to avoid local minima during attack optimization, leading to a novel attack dubbed the guided projected gradient attack (G-PGA). Our attack is based on a "match and deceive" loss that finds optimal adversarial directions through guidance from a surrogate model. The modified attack does not require random restarts, a large number of attack iterations, or a search for an optimal step size. Furthermore, G-PGA is generic, so it can be combined with an ensemble attack strategy, as we demonstrate in the case of AutoAttack, yielding improvements in efficiency and convergence speed. Beyond being an effective attack, G-PGA can be used as a diagnostic tool to reveal elusive robustness due to gradient masking in adversarial defenses.
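The diagnostic idea in the abstract, robustness that holds against white-box PGD but collapses once a surrogate model supplies the attack direction, can be shown on a toy model. The block below is an added example, not the paper's code and not its "match and deceive" loss: it uses plain surrogate-gradient PGD as the guidance. The classifier, the hypothetical input-quantisation "defense" (`masked_model`, which makes the loss piecewise constant in the input and so zeroes any gradient taken through it), and the sample point are all constructed for the example.

```python
"""Added example (not from the paper): exposing gradient masking by comparing
white-box PGD on a target model with surrogate-guided PGD evaluated on it.
Pure Python, 2-D binary classifier, no external dependencies."""
import math

# Constructed toy model: logit z(x) = w.x + b, predict class 1 iff z > 0.
W = (1.0, 1.0)
B = 0.0


def logit(x):
    return W[0] * x[0] + W[1] * x[1] + B


def plain_model(x):
    """Undefended model, differentiable everywhere; also used as the surrogate."""
    return logit(x)


def masked_model(x, step=0.5):
    """Hypothetical 'defense': snap the input to a grid before the linear layer.
    The decision rule is essentially unchanged, but the logit is now piecewise
    constant in x, so the input gradient is zero almost everywhere (masking)."""
    xq = tuple(round(v / step) * step for v in x)
    return logit(xq)


def predict(model, x):
    return 1 if model(x) > 0 else 0


def bce_input_grad(model, x, y, h=1e-3):
    """Central finite-difference gradient of the cross-entropy loss w.r.t. x.
    For the masked model this returns zeros, exactly as autograd would."""
    def loss(pt):
        p = 1.0 / (1.0 + math.exp(-model(pt)))
        p = min(max(p, 1e-12), 1.0 - 1e-12)
        return -math.log(p) if y == 1 else -math.log(1.0 - p)

    g = []
    for i in range(len(x)):
        xp, xm = list(x), list(x)
        xp[i] += h
        xm[i] -= h
        g.append((loss(xp) - loss(xm)) / (2.0 * h))
    return g


def pgd_linf(grad_model, x0, y, eps=1.0, alpha=0.25, steps=8):
    """L_inf PGD with no random restart: ascend the loss of grad_model and
    project back into the eps-ball around x0 after every step."""
    x = list(x0)
    for _ in range(steps):
        g = bce_input_grad(grad_model, x, y)
        for i in range(len(x)):
            s = (g[i] > 0) - (g[i] < 0)  # sign of the gradient; 0 when masked
            x[i] = min(max(x[i] + alpha * s, x0[i] - eps), x0[i] + eps)
    return tuple(x)


def diagnose(target, surrogate, x0, y):
    """Run white-box PGD on the target and surrogate-guided PGD (gradients from
    the surrogate, perturbation applied to the target). Robustness that only
    survives the white-box run is a gradient-masking symptom, not real robustness."""
    x_wb = pgd_linf(target, x0, y)
    x_sg = pgd_linf(surrogate, x0, y)
    wb_success = predict(target, x_wb) != y
    sg_success = predict(target, x_sg) != y
    return {
        "white_box_success": wb_success,
        "surrogate_guided_success": sg_success,
        "gradient_masking_suspected": sg_success and not wb_success,
    }


if __name__ == "__main__":
    x0, y = (0.6, 0.6), 1  # constructed clean point, correctly classified
    print("masked target :", diagnose(masked_model, plain_model, x0, y))
    print("plain target  :", diagnose(plain_model, plain_model, x0, y))
```

On the masked target the white-box run never moves (every gradient is zero), so a naive evaluation reports the point as robust; the surrogate-guided run crosses the decision boundary inside the same eps-ball, and the quantised adversarial point is still misclassified. On the undefended target both runs succeed, so no masking is flagged. The same comparison, surrogate guidance versus the defended model's own gradients, is what a practitioner should run before trusting a defense's PGD robustness numbers.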
Citation
M. Naseer, S. Khan, F. Porikli, F.S. Khan, "Guidance Through Surrogate: Toward a Generic Diagnostic Attack," IEEE Transactions on Neural Networks and Learning Systems, vol. 35, no. 2, pp. 2042-2053, 2022, https://doi.org/10.1109/tnnls.2022.3186278.
Source
IEEE Transactions on Neural Networks and Learning Systems
Keywords
46 Information and Computing Sciences, 4611 Machine Learning
Publisher
IEEE
