WITCHcraft: Efficient PGD attacks with random step size
This incremental improvement makes adversarial attacks more economical, benefiting scenarios like adversarial training that require real-time attack generation.
The paper tackled the computational inefficiency of iterative adversarial attacks by proposing a variant of Projected Gradient Descent (PGD) with random step size, achieving superior results on CIFAR-10 and MNIST datasets without additional cost.
State-of-the-art adversarial attacks on neural networks use expensive iterative methods and numerous random restarts from different initial points. Iterative FGSM-based methods without restarts trade off performance for computational efficiency because they do not adequately explore the image space and are highly sensitive to the choice of step size. We propose a variant of Projected Gradient Descent (PGD) that uses a random step size to improve performance without resorting to expensive random restarts. Our method, Wide Iterative Stochastic crafting (WITCHcraft), achieves results superior to the classical PGD attack on the CIFAR-10 and MNIST data sets but without additional computational cost. This simple modification of PGD makes crafting attacks more economical, which is important in situations like adversarial training where attacks need to be crafted in real time.