Augmented Lagrangian Adversarial Attacks
This work provides a more general and computationally efficient adversarial attack method for researchers and practitioners working on the robustness of machine learning models.
This paper proposes an adversarial attack algorithm based on Augmented Lagrangian principles to generate minimally perturbed adversarial examples. The method achieves competitive performance compared to state-of-the-art methods across three datasets and several models, with similar or lower computational complexity.
Adversarial attack algorithms are dominated by penalty methods, which are slow in practice, or more efficient distance-customized methods, which are heavily tailored to the properties of the distance considered. We propose a white-box attack algorithm to generate minimally perturbed adversarial examples based on Augmented Lagrangian principles. We bring several algorithmic modifications, which have a crucial effect on performance. Our attack enjoys the generality of penalty methods and the computational efficiency of distance-customized algorithms, and can be readily used for a wide set of distances. We compare our attack to state-of-the-art methods on three datasets and several models, and consistently obtain competitive performances with similar or lower computational complexity.