Adversarial Attack Generation Empowered by Min-Max Optimization
Dec 6, 2021
Speakers
Jingkang Wang
Speaker · 0 followers
Tianyun Zhang
Speaker · 0 followers
Pin-Yu Chen
Speaker · 3 followers
Makan Fardad
Speaker · 0 followers
About
The worst-case training principle that minimizes the maximal adversarial loss, also known as adversarial training (AT), has shown to be a state-of-the-art approach for enhancing adversarial robustness. Nevertheless, min-max optimization beyond the purpose of AT has not been rigorously explored in the adversarial context. In this paper, we show how a general notion of min-max optimization over multiple domains can be leveraged to the design of different types of adversarial attacks. In particular, given a set of risk sources, minimizing the worst-case attack loss can be reformulated as a min-max problem by introducing domain weights that are maximized over the probability simplex of the domain set. We showcase this unified framework in three attack generation problems – attacking model ensembles, devising universal perturbation under multiple inputs, and crafting attacks resilient to data transformations. Extensive experiments demonstrate that our approach leads to substantial attack improvement over the existing heuristic strategies as well as robustness improvement over state-of-the-art defense methods against multiple perturbation types. Furthermore, we find that the self-adjusted domain weights learned from min-max optimization can provide a holistic tool to explain the difficulty level of attack across domains.The worst-case training principle that minimizes the maximal adversarial loss, also known as adversarial training (AT), has shown to be a state-of-the-art approach for enhancing adversarial robustness. Nevertheless, min-max optimization beyond the purpose of AT has not been rigorously explored in the adversarial context. In this paper, we show how a general notion of min-max optimization over multiple domains can be leveraged to the design of different types of adversarial attacks. In particular…
Organizer
NeurIPS 2021
Account · 1.9k followers
About NeurIPS 2021
Neural Information Processing Systems (NeurIPS) is a multi-track machine learning and computational neuroscience conference that includes invited talks, demonstrations, symposia and oral and poster presentations of refereed papers. Following the conference, there are workshops which provide a less formal setting.
Like the format? Trust SlidesLive to capture your next event!
Professional recording and live streaming, delivered globally.
Sharing
Recommended Videos
Presentations on similar topic, category or speaker
On the Estimation Bias in Double Q-Learning
Watch later
Zhizhou Ren, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Beyond Bandit Feedback in Online Multiclass Classification
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Information-theoretic generalization bounds for black-box learning algorithms
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Circular-Symmetric Correlation Layer
Watch later
Bahar Azari, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
USCO-Solver: Solving Undetermined Stochastic Combinatorial Optimization Problems
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Sample-Efficient Reinforcement Learning for Linearly-Parameterized MDPs with a Generative Model
Watch later
Bingyan Wang, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%