LG | Nov 24, 2021

Thundernna: a white box adversarial attack

arXiv:2111.12305v27 citations
Originality: Incremental advance
AI Analysis

This work addresses the vulnerability of neural networks to adversarial attacks, which is crucial for improving robustness in AI systems, but it appears incremental as it builds on existing first-order methods.

The paper tackles the problem of adversarial attacks on neural networks by developing a first-order method called Thundernna, which achieves a higher success rate than other first-order attacks and is faster than second-order and multi-step first-order attacks.

Existing work shows that a neural network trained by a naive gradient-based optimization method is prone to adversarial attacks: adding a small malicious perturbation to an ordinary input is enough to make the neural network wrong. At the same time, attacking a neural network is the key to improving its robustness. Training against adversarial examples can make neural networks resist some kinds of adversarial attacks. An adversarial attack against a neural network can also reveal some characteristics of the neural network, a complex high-dimensional non-linear function, as discussed in previous work. In this project, we develop a first-order method to attack the neural network. Compared with other first-order attacks, our method has a much higher success rate. Furthermore, it is much faster than second-order attacks and multi-step first-order attacks.
