Improving Fast Minimum-Norm Attacks with Hyperparameter Optimization
This work addresses adversarial robustness evaluation for machine learning practitioners, but it is incremental as it builds on existing attack methods.
The paper tackles the challenge of evaluating adversarial robustness by showing that hyperparameter optimization improves fast minimum-norm attacks, automating loss function, optimizer, and step-size selection, with extensive evaluation demonstrating improved efficacy on several robust models.
Evaluating the adversarial robustness of machine learning models using gradient-based attacks is challenging. In this work, we show that hyperparameter optimization can improve fast minimum-norm attacks by automating the selection of the loss function, the optimizer and the step-size scheduler, along with the corresponding hyperparameters. Our extensive evaluation involving several robust models demonstrates the improved efficacy of fast minimum-norm attacks when hyper-up with hyperparameter optimization. We release our open-source code at https://github.com/pralab/HO-FMN.