Authors: Hengyue Liang, Buyun Liang, Le Peng, Ying Cui, Tim Mitchell, Ju Sun
Empirical robustness evaluation (RE) of deep learning models against adversarial perturbations entails solving nontrivial constrained optimization problems. Existing numerical algorithms that are commonly used to solve them in practice predominantly rely on projected gradient, and mostly handle perturbations modeled by the $\ell_1$, $\ell_2$ and $\ell_\infty$ distances. In this paper, we introduce a novel algorithmic framework that blends a general-purpose constrained-optimization solver PyGRANSO with Constraint Folding (PWCF), which can add more reliability and generality to the state-of-the-art RE packages, e.g., AutoAttack. Regarding reliability, PWCF provides solutions with stationarity measures and feasibility tests to assess the solution quality. For generality, PWCF can handle perturbation models that are typically inaccessible to the existing projected gradient methods; the main requirement is the distance metric to be almost everywhere differentiable. Taking advantage of PWCF and other existing numerical algorithms, we further explore the distinct patterns in the solutions found for solving these optimization problems using various combinations of losses, perturbation models, and optimization algorithms. We then discuss the implications of these patterns on the current robustness evaluation and adversarial training.
Paper link: http://arxiv.org/pdf/2303.13401v1