LG | May 8, 2024

Sparse-PGD: A Unified Framework for Sparse Adversarial Perturbations Generation

arXiv:2405.05075v4 | 5 citations | h-index: 2 | Has Code | IEEE Trans Pattern Anal Mach Intell

Originality: Incremental advance

AI Analysis

This work addresses the robustness of machine learning models against sparse adversarial attacks; it is an incremental advance in adversarial machine learning.

The paper tackles the problem of generating sparse adversarial perturbations, both unstructured and structured, by proposing a framework called Sparse-PGD, which demonstrates strong performance in attacks and enables adversarial training to build models with state-of-the-art robustness against various sparse attacks.

This work studies sparse adversarial perturbations, including both unstructured and structured ones. We propose a framework based on a white-box PGD-like attack method named Sparse-PGD to effectively and efficiently generate such perturbations. Furthermore, we combine Sparse-PGD with a black-box attack to comprehensively and more reliably evaluate the models' robustness against unstructured and structured sparse adversarial perturbations. Moreover, the efficiency of Sparse-PGD enables us to conduct adversarial training to build robust models against various sparse perturbations. Extensive experiments demonstrate that our proposed attack algorithm exhibits strong performance in different scenarios. More importantly, compared with other robust models, our adversarially trained model demonstrates state-of-the-art robustness against various sparse attacks. Code is available at https://github.com/CityU-MLO/sPGD.

Code Implementations: 1 repo