Walking on the Edge: Fast, Low-Distortion Adversarial Examples
This work addresses the need for fast adversarial attacks, which is crucial for applications like adversarial training, though it is incremental as it builds on existing methods to optimize the speed-distortion trade-off.
The paper tackles the problem of generating adversarial examples for deep neural networks by focusing on the trade-off between speed and distortion, introducing a new attack called boundary projection (BP) that significantly improves upon existing methods.
Adversarial examples of deep neural networks are receiving ever increasing attention because they help in understanding and reducing the sensitivity to their input. This is natural given the increasing applications of deep neural networks in our everyday lives. When white-box attacks are almost always successful, it is typically only the distortion of the perturbations that matters in their evaluation. In this work, we argue that speed is important as well, especially when considering that fast attacks are required by adversarial training. Given more time, iterative methods can always find better solutions. We investigate this speed-distortion trade-off in some depth and introduce a new attack called boundary projection (BP) that improves upon existing methods by a large margin. Our key idea is that the classification boundary is a manifold in the image space: we therefore quickly reach the boundary and then optimize distortion on this manifold.