Optimization for Robustness Evaluation beyond $\ell_p$ Metrics
This work addresses the need for more reliable and general robustness evaluation methods for deep learning practitioners, offering a tool that overcomes limitations of existing PGD-based approaches.
The paper tackles the problem of evaluating deep learning model robustness against adversarial attacks beyond standard $\ell_p$ metrics. It introduces a novel algorithmic framework called PWCF that reliably finds high-quality solutions without delicate hyperparameter tuning and handles general attack models such as $\ell_p$ ($p \geq 0$) and perceptual attacks, achieving results comparable to or better than PGD-based methods in experiments.
Empirical evaluation of deep learning models against adversarial attacks entails solving nontrivial constrained optimization problems. Popular algorithms for solving these constrained problems rely on projected gradient descent (PGD) and require careful tuning of multiple hyperparameters. Moreover, PGD can only handle $\ell_1$, $\ell_2$, and $\ell_\infty$ attack models due to the use of analytical projectors. In this paper, we introduce a novel algorithmic framework that blends a general-purpose constrained-optimization solver, PyGRANSO, with constraint-folding (PyGRANSO With Constraint-Folding, PWCF), to add reliability and generality to robustness evaluation. PWCF 1) finds good-quality solutions without the need for delicate hyperparameter tuning, and 2) can handle general attack models, e.g., general $\ell_p$ ($p \geq 0$) and perceptual attacks, which are inaccessible to PGD-based algorithms.
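The limitation to $\ell_1$, $\ell_2$ and $\ell_\infty$ comes from the projection step, shown here as an added example that is not code from the paper, PWCF or PyGRANSO. The function names, the sample perturbation and the budget are constructed for illustration. The three analytical projectors are each a separate algorithm, whereas any other $p$ can only be expressed as a constraint value, which is the form a general constrained-optimization solver works with.

```python
import math

def lp_norm(v, p):
    """l_p size of a perturbation for any p >= 0 (p = 0 counts nonzeros)."""
    if p == math.inf:
        return max(abs(x) for x in v)
    if p == 0:
        return float(sum(1 for x in v if x != 0))
    return sum(abs(x) ** p for x in v) ** (1.0 / p)

def project_linf(v, eps):
    # Closed form: clip every coordinate to [-eps, eps].
    return [max(-eps, min(eps, x)) for x in v]

def project_l2(v, eps):
    # Closed form: rescale onto the sphere if the point lies outside the ball.
    n = lp_norm(v, 2)
    return list(v) if n <= eps else [x * eps / n for x in v]

def project_l1(v, eps):
    # Sort-based soft-thresholding, the standard l1-ball projection.
    if lp_norm(v, 1) <= eps:
        return list(v)
    u = sorted((abs(x) for x in v), reverse=True)
    cumsum, theta = 0.0, 0.0
    for k, uk in enumerate(u, start=1):
        cumsum += uk
        t = (cumsum - eps) / k
        if uk - t > 0:          # holds for k = 1..rho, so the last hit is rho
            theta = t
    return [math.copysign(max(abs(x) - theta, 0.0), x) for x in v]

PROJECTORS = {1: project_l1, 2: project_l2, math.inf: project_linf}

def project(v, p, eps):
    """Projection step as a PGD-style method needs it; unavailable for other p."""
    if p not in PROJECTORS:
        raise NotImplementedError(f"no analytical projector for p={p}")
    return PROJECTORS[p](v, eps)

def constraint_violation(v, p, eps):
    """Constraint as a plain function value (illustrative): max(||v||_p - eps, 0)."""
    return max(lp_norm(v, p) - eps, 0.0)

# Constructed sample perturbation and budget, not data from the paper.
DELTA, EPS = [3.0, -1.0, 0.5], 2.0
```

With the constructed `DELTA`, `project` succeeds for `p` in {1, 2, inf} and raises for `p = 1.5`, while `constraint_violation` evaluates for every `p >= 0`.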