LG CV ML | Apr 9, 2018

An ADMM-Based Universal Framework for Adversarial Attacks on Deep Neural Networks

arXiv:1804.03193v1 | 40 citations
Originality: Incremental advance
AI Analysis

This provides a general solution for generating adversarial examples, which is incremental as it unifies existing attack types rather than introducing a new paradigm.

The authors tackled the lack of a versatile framework for adversarial attacks on deep neural networks by proposing an ADMM-based method that unifies L0, L1, L2, and L-infinity attacks, achieving 100% attack success rate and minimal distortion compared to state-of-the-art methods.

Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks. That is, adversarial examples, obtained by adding delicately crafted distortions to original legitimate inputs, can mislead a DNN into classifying them as any target label. In a successful adversarial attack, the targeted misclassification should be achieved with the minimal added distortion. In the literature, the added distortions are usually measured by the L0, L1, L2, and L-infinity norms, giving L0, L1, L2, and L-infinity attacks, respectively. However, a versatile framework covering all types of adversarial attacks has been lacking. This work for the first time unifies the methods of generating adversarial examples by leveraging ADMM (Alternating Direction Method of Multipliers), an operator-splitting optimization approach, such that L0, L1, L2, and L-infinity attacks can all be implemented effectively within this general framework with only minor modifications. Compared with the state-of-the-art attacks in each category, our ADMM-based attacks are so far the strongest, achieving both a 100% attack success rate and the minimal distortion.
