Sequential Difference Maximization: Generating Adversarial Examples via Multi-Stage Optimization
This work addresses the need for efficient adversarial attacks to assess model robustness in computer vision, representing an incremental improvement with a novel optimization framework.
The paper tackles the problem of generating adversarial examples for computer vision models by proposing Sequential Difference Maximization (SDM), a gradient-based attack method that reformulates the optimization objective to maximize differences in label probabilities, resulting in stronger attack performance and higher cost-effectiveness compared to previous state-of-the-art methods.
Efficient adversarial attack methods are critical for assessing the robustness of computer vision models. In this paper, we reconstruct the optimization objective for generating adversarial examples as "maximizing the difference between the non-true labels' probability upper bound and the true label's probability," and propose a gradient-based attack method termed Sequential Difference Maximization (SDM). SDM establishes a three-layer optimization framework of "cycle-stage-step." The processes between cycles and between iterative steps are respectively identical, while optimization stages differ in terms of loss functions: in the initial stage, the negative probability of the true label is used as the loss function to compress the solution space; in subsequent stages, we introduce the Directional Probability Difference Ratio (DPDR) loss function to gradually increase the non-true labels' probability upper bound by compressing the irrelevant labels' probabilities. Experiments demonstrate that compared with previous SOTA methods, SDM not only exhibits stronger attack performance but also achieves higher attack cost-effectiveness. Additionally, SDM can be combined with adversarial training methods to enhance their defensive effects. The code is available at https://github.com/X-L-Liu/SDM.