Tuning for Two Adversaries: Enhancing the Robustness Against Transfer and Query-Based Attacks using Hyperparameter Tuning
This addresses the challenge of enhancing model robustness against adversarial attacks for machine learning practitioners, though it is incremental as it focuses on hyperparameter tuning rather than a new defense method.
The paper tackles the problem of how optimization hyperparameters affect robustness against transfer-based and query-based attacks, finding that decreasing learning rate boosts transfer attack robustness by up to 64% while increasing it improves query attack robustness by up to 28%, with distributed models showing the best tradeoff.
In this paper, we present the first detailed analysis of how optimization hyperparameters -- such as learning rate, weight decay, momentum, and batch size -- influence robustness against both transfer-based and query-based attacks. Supported by theory and experiments, our study spans a variety of practical deployment settings, including centralized training, ensemble learning, and distributed training. We uncover a striking dichotomy: for transfer-based attacks, decreasing the learning rate significantly enhances robustness by up to $64\%$. In contrast, for query-based attacks, increasing the learning rate consistently leads to improved robustness by up to $28\%$ across various settings and data distributions. Leveraging these findings, we explore -- for the first time -- the optimization hyperparameter design space to jointly enhance robustness against both transfer-based and query-based attacks. Our results reveal that distributed models benefit the most from hyperparameter tuning, achieving a remarkable tradeoff by simultaneously mitigating both attack types more effectively than other training setups.