Towards Efficient Training and Evaluation of Robust Models against l0 Bounded Adversarial Perturbations

Xuyang Zhong; Yixiao Huang; Chen Liu

Towards Efficient Training and Evaluation of Robust Models against l₀ Bounded Adversarial Perturbations

^*Corresponding author for this work

Department of Computer Science

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

Abstract

This work studies sparse adversarial perturbations bounded by $l_0$ norm. We propose a white-box PGD-like attack method named sparse-PGD to effectively and efficiently generate such perturbations. Furthermore, we combine sparse-PGD with a black-box attack to comprehensively and more reliably evaluate the models' robustness against $l_0$ bounded adversarial perturbations. Moreover, the efficiency of sparse-PGD enables us to conduct adversarial training to build robust models against sparse perturbations. Extensive experiments demonstrate that our proposed attack algorithm exhibits strong performance in different scenarios. More importantly, compared with other robust models, our adversarially trained model demonstrates state-of-the-art robustness against various sparse attacks. Codes are available at https://github.com/CityU-MLO/sPGD.

© 2024 by the author(s).

Original language	English
Title of host publication	Proceedings of the 41^st International Conference on Machine Learning
Publisher	ML Research Press
Pages	61708-61726
Publication status	Published - 2024
Event	41st International Conference on Machine Learning (ICML 2024) - Messe Wien Exhibition Congress Center, Vienna, Austria Duration: 21 Jul 2024 → 27 Jul 2024 https://proceedings.mlr.press/v235/ https://icml.cc/

Publication series

Name	Proceedings of Machine Learning Research
Volume	235
ISSN (Print)	2640-3498

Conference

Conference	41st International Conference on Machine Learning (ICML 2024)
Country/Territory	Austria
City	Vienna
Period	21/07/24 → 27/07/24
Internet address	https://proceedings.mlr.press/v235/ https://icml.cc/

Funding

This work is supported by National Natural Science Foundation of China (NSFC Project No. 62306250), CityU APRC Project (Project No. 9610614), and CityU Seed Grant (Project No. 9229130).

Access Output

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@inproceedings{e640f9fc6b4e4f11833005f2372d0b6c,

title = "Towards Efficient Training and Evaluation of Robust Models against l0 Bounded Adversarial Perturbations",

abstract = "This work studies sparse adversarial perturbations bounded by $l_0$ norm. We propose a white-box PGD-like attack method named sparse-PGD to effectively and efficiently generate such perturbations. Furthermore, we combine sparse-PGD with a black-box attack to comprehensively and more reliably evaluate the models' robustness against $l_0$ bounded adversarial perturbations. Moreover, the efficiency of sparse-PGD enables us to conduct adversarial training to build robust models against sparse perturbations. Extensive experiments demonstrate that our proposed attack algorithm exhibits strong performance in different scenarios. More importantly, compared with other robust models, our adversarially trained model demonstrates state-of-the-art robustness against various sparse attacks. Codes are available at https://github.com/CityU-MLO/sPGD.{\textcopyright} 2024 by the author(s). ",

author = "Xuyang Zhong and Yixiao Huang and Chen Liu",

year = "2024",

language = "English",

series = "Proceedings of Machine Learning Research",

publisher = "ML Research Press",

pages = "61708--61726",

booktitle = "Proceedings of the 41st International Conference on Machine Learning",

note = "41st International Conference on Machine Learning (ICML 2024) ; Conference date: 21-07-2024 Through 27-07-2024",

url = "https://proceedings.mlr.press/v235/, https://icml.cc/",

}

Zhong, X, Huang, Y & Liu, C 2024, Towards Efficient Training and Evaluation of Robust Models against l₀ Bounded Adversarial Perturbations. in Proceedings of the 41^st International Conference on Machine Learning. Proceedings of Machine Learning Research, vol. 235, ML Research Press, pp. 61708-61726, 41st International Conference on Machine Learning (ICML 2024), Vienna, Austria, 21/07/24. <https://proceedings.mlr.press/v235/zhong24c.html>

Towards Efficient Training and Evaluation of Robust Models against l₀ Bounded Adversarial Perturbations. / Zhong, Xuyang; Huang, Yixiao; Liu, Chen.
Proceedings of the 41^st International Conference on Machine Learning. ML Research Press, 2024. p. 61708-61726 (Proceedings of Machine Learning Research; Vol. 235).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Towards Efficient Training and Evaluation of Robust Models against l0 Bounded Adversarial Perturbations

AU - Zhong, Xuyang

AU - Huang, Yixiao

AU - Liu, Chen

PY - 2024

Y1 - 2024

N2 - This work studies sparse adversarial perturbations bounded by $l_0$ norm. We propose a white-box PGD-like attack method named sparse-PGD to effectively and efficiently generate such perturbations. Furthermore, we combine sparse-PGD with a black-box attack to comprehensively and more reliably evaluate the models' robustness against $l_0$ bounded adversarial perturbations. Moreover, the efficiency of sparse-PGD enables us to conduct adversarial training to build robust models against sparse perturbations. Extensive experiments demonstrate that our proposed attack algorithm exhibits strong performance in different scenarios. More importantly, compared with other robust models, our adversarially trained model demonstrates state-of-the-art robustness against various sparse attacks. Codes are available at https://github.com/CityU-MLO/sPGD.© 2024 by the author(s).

AB - This work studies sparse adversarial perturbations bounded by $l_0$ norm. We propose a white-box PGD-like attack method named sparse-PGD to effectively and efficiently generate such perturbations. Furthermore, we combine sparse-PGD with a black-box attack to comprehensively and more reliably evaluate the models' robustness against $l_0$ bounded adversarial perturbations. Moreover, the efficiency of sparse-PGD enables us to conduct adversarial training to build robust models against sparse perturbations. Extensive experiments demonstrate that our proposed attack algorithm exhibits strong performance in different scenarios. More importantly, compared with other robust models, our adversarially trained model demonstrates state-of-the-art robustness against various sparse attacks. Codes are available at https://github.com/CityU-MLO/sPGD.© 2024 by the author(s).

UR - http://www.scopus.com/inward/record.url?scp=85203806438&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85203806438&origin=recordpage

M3 - RGC 32 - Refereed conference paper (with host publication)

T3 - Proceedings of Machine Learning Research

SP - 61708

EP - 61726

BT - Proceedings of the 41st International Conference on Machine Learning

PB - ML Research Press

T2 - 41st International Conference on Machine Learning (ICML 2024)

Y2 - 21 July 2024 through 27 July 2024

ER -

Towards Efficient Training and Evaluation of Robust Models against l₀ Bounded Adversarial Perturbations

Abstract

Publication series

Conference

Funding

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

DON_RMG: Towards More Efficient and Robust Object Detection Models against Adversarial Patches for Auto-driving - RMGS

Cite this

Towards Efficient Training and Evaluation of Robust Models against l0 Bounded Adversarial Perturbations

Abstract

Publication series

Conference

Funding

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Projects

DON_RMG: Towards More Efficient and Robust Object Detection Models against Adversarial Patches for Auto-driving - RMGS

Cite this

Towards Efficient Training and Evaluation of Robust Models against l₀ Bounded Adversarial Perturbations