Colliding with Adversaries at ECML-PKDD 2025 Adversarial Attack Competition 1st Prize Solution
This work addresses adversarial robustness in high-energy physics, but it is incremental as it applies known gradient-based techniques to a specific competition task.
The authors tackled the problem of designing an adversarial attack to maximize misclassification with minimal perturbations for a classification model in a high-energy physics competition, achieving first place with the best results in perturbation size and fooling success rate.
This report presents the winning solution for Task 1 of Colliding with Adversaries: A Challenge on Robust Learning in High Energy Physics Discovery at ECML-PKDD 2025. The task required designing an adversarial attack against a provided classification model that maximizes misclassification while minimizing perturbations. Our approach employs a multi-round gradient-based strategy that leverages the differentiable structure of the model, augmented with random initialization and sample-mixing techniques to enhance effectiveness. The resulting attack achieved the best results in perturbation size and fooling success rate, securing first place in the competition.