MALT Powers Up Adversarial Attacks
This work addresses the efficiency and effectiveness of adversarial attacks for robust models, offering a significant improvement over current state-of-the-art methods.
The paper tackled the problem of naive target class selection in adversarial attacks for multi-class classifiers by introducing MALT, a novel targeting method based on medium-scale almost linearity assumptions, resulting in a five times faster attack that matches AutoAttack's successes and attacks additional samples on CIFAR-100 and ImageNet.
Current adversarial attacks for multi-class classifiers choose the target class for a given input naively, based on the classifier's confidence levels for various target classes. We present a novel adversarial targeting method, \textit{MALT - Mesoscopic Almost Linearity Targeting}, based on medium-scale almost linearity assumptions. Our attack wins over the current state of the art AutoAttack on the standard benchmark datasets CIFAR-100 and ImageNet and for a variety of robust models. In particular, our attack is \emph{five times faster} than AutoAttack, while successfully matching all of AutoAttack's successes and attacking additional samples that were previously out of reach. We then prove formally and demonstrate empirically that our targeting method, although inspired by linear predictors, also applies to standard non-linear models.