Critical Checkpoints for Evaluating Defence Models Against Adversarial Attack and Robustness
This work provides guidelines for researchers to improve the robustness of defense models against adversarial attacks, which is crucial for reliable machine learning in critical applications, though it is incremental as it builds on past observations.
The paper addresses the cycle of proposed defense models being quickly broken by stronger attacks, highlighting common flaws in past defenses. It suggests checkpoints for evaluating defense models, based on observations of why some failed and others remained robust against strong attacks.
From past couple of years there is a cycle of researchers proposing a defence model for adversaries in machine learning which is arguably defensible to most of the existing attacks in restricted condition (they evaluate on some bounded inputs or datasets). And then shortly another set of researcher finding the vulnerabilities in that defence model and breaking it by proposing a stronger attack model. Some common flaws are been noticed in the past defence models that were broken in very short time. Defence models being broken so easily is a point of concern as decision of many crucial activities are taken with the help of machine learning models. So there is an utter need of some defence checkpoints that any researcher should keep in mind while evaluating the soundness of technique and declaring it to be decent defence technique. In this paper, we have suggested few checkpoints that should be taken into consideration while building and evaluating the soundness of defence models. All these points are recommended after observing why some past defence models failed and how some model remained adamant and proved their soundness against some of the very strong attacks.