LG, ML | Oct 1, 2019

An Efficient and Margin-Approaching Zero-Confidence Adversarial Attack

arXiv:1910.00511v1 | 2 citations
Originality: Incremental advance
AI Analysis

The paper addresses the challenge of efficient and accurate adversarial attack generation for machine learning security, though it appears incremental as it builds on existing paradigms.

The paper tackles the problem of zero-confidence adversarial attacks, which find the smallest perturbation needed to cause misclassification, by proposing MARGINATTACK, a framework that computes margins with improved accuracy and efficiency. It achieves a smaller margin than state-of-the-art zero-confidence attacks and runs significantly faster than the Carlini-Wagner attack.

There are two major paradigms of white-box adversarial attacks that attempt to impose input perturbations. The first paradigm, called the fix-perturbation attack, crafts adversarial samples within a given perturbation level. The second paradigm, called the zero-confidence attack, finds the smallest perturbation needed to cause mis-classification, also known as the margin of an input feature. While the former paradigm is well-resolved, the latter is not. Existing zero-confidence attacks either introduce significant approximation errors, or are too time-consuming. We therefore propose MARGINATTACK, a zero-confidence attack framework that is able to compute the margin with improved accuracy and efficiency. Our experiments show that MARGINATTACK is able to compute a smaller margin than the state-of-the-art zero-confidence attacks, and matches the state-of-the-art fix-perturbation attacks. In addition, it runs significantly faster than the Carlini-Wagner attack, currently the most accurate zero-confidence attack algorithm.
