Self-adaptive Norm Update for Faster Gradient-based L2 Adversarial Attacks and Defenses

Yanhong Liu, Fengming Cao

Abstract

Adversarial training has been shown to be one of the most effective defense techniques against adversarial attacks. However, it relies on generating strong adversarial examples with attacks in each iteration of the training process. Research effort has long gone into reducing the time overhead of attacks without impacting their efficiency. The recent work on Decoupled Direction and Norm (DDN) advanced gradient-based L2 attacks with low norm by adjusting the norm of the noise in each iteration based on whether the last perturbed image is adversarial or not. In this paper, we propose a self-adaptive way of adjusting the L2 norm, by considering whether the perturbed images in the last two iterations are both adversarial or not. Experiments conducted on the MNIST, CIFAR-10 and ImageNet datasets show that our proposed attack achieves comparable or even better performance than DDN with up to 30% fewer iterations. Models trained with our attack achieve comparable robustness to those trained with the DDN attack on the MNIST and CIFAR-10 datasets, while taking around 20% less training time, when the attacks are limited to a maximum norm.



Paper Citation


in Harvard Style

Liu Y. and Cao F. (2021). Self-adaptive Norm Update for Faster Gradient-based L2 Adversarial Attacks and Defenses. In Proceedings of the 10th International Conference on Pattern Recognition Applications and Methods - Volume 1: ICPRAM, ISBN 978-989-758-486-2, pages 15-24. DOI: 10.5220/0010186100150024


in Bibtex Style

@conference{icpram21,
author={Yanhong Liu and Fengming Cao},
title={Self-adaptive Norm Update for Faster Gradient-based L2 Adversarial Attacks and Defenses},
booktitle={Proceedings of the 10th International Conference on Pattern Recognition Applications and Methods - Volume 1: ICPRAM},
year={2021},
pages={15-24},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010186100150024},
isbn={978-989-758-486-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Pattern Recognition Applications and Methods - Volume 1: ICPRAM
TI - Self-adaptive Norm Update for Faster Gradient-based L2 Adversarial Attacks and Defenses
SN - 978-989-758-486-2
AU - Liu Y.
AU - Cao F.
PY - 2021
SP - 15
EP - 24
DO - 10.5220/0010186100150024