Adversarial Robustness, White-box, Adversarial Attack
“Practical Evaluation of Adversarial Robustness via Adaptive Auto Attack”
Ye Liu, Yaya Cheng, Lianli Gao, Xianglong Liu, Qilong Zhang, Jingkuan Song
CVPR 2022
Code, model weights, and datasets have been released. We will continue to optimize the code.
paper will be released soon.
A practical evaluation method should be convenient (i.e., parameter-free), efficient (i.e., fewer iterations) and reliable (i.e., approaching the lower bound of robustness). Towards this target, we propose a parameter-free Adaptive Auto Attack (A3) evaluation method. We apply A3 to over 50 widely-used defense models. By consuming much fewer iterations than existing methods, i.e, 1/10 on average (10x speed up), we achieve lower robust accuracy in all cases but one. Notably, we won first place out of 1681 teams in CVPR 2021 White-box Adversarial Attacks on Defense Models