Theoretical Analysis of Relative Errors in Gradient Computations for Adversarial Attacks with CE Loss
This work addresses a specific numerical instability issue in adversarial machine learning, offering an incremental improvement for researchers and practitioners developing more reliable gradient-based attacks.
This paper tackles the problem of relative errors in gradient computations for adversarial attacks using Cross-Entropy loss, caused by floating-point arithmetic, by proposing the T-MIFPE loss function with an optimal scaling factor to minimize these errors, resulting in improved attack potency and robustness evaluation accuracy on MNIST, CIFAR-10, and CIFAR-100 datasets compared to existing methods.
Gradient-based adversarial attacks using the Cross-Entropy (CE) loss often suffer from overestimation due to relative errors in gradient computation induced by floating-point arithmetic. This paper provides a rigorous theoretical analysis of these errors, conducting the first comprehensive study of floating-point computation errors in gradient-based attacks across four distinct scenarios: (i) unsuccessful untargeted attacks, (ii) successful untargeted attacks, (iii) unsuccessful targeted attacks, and (iv) successful targeted attacks. We establish theoretical foundations characterizing the behavior of relative numerical errors under different attack conditions, revealing previously unknown patterns in gradient computation instability, and identify floating-point underflow and rounding as key contributors. Building on this insight, we propose the Theoretical MIFPE (T-MIFPE) loss function, which incorporates an optimal scaling factor $T = t^*$ to minimize the impact of floating-point errors, thereby enhancing the accuracy of gradient computation in adversarial attacks. Extensive experiments on the MNIST, CIFAR-10, and CIFAR-100 datasets demonstrate that T-MIFPE outperforms existing loss functions, including CE, C\&W, DLR, and MIFPE, in terms of attack potency and robustness evaluation accuracy.