Università degli Studi di Cagliari
open
Carla Seatzu
HO-FMN: Hyperparameter optimization for fast minimum-norm attacks
Mura, RaffaeleCo-primo
;Floris, GiuseppeCo-primo
;Scionis, LucaCo-primo
;Piras, Giorgio;Pintor, Maura
;Demontis, Ambra;Giacinto, Giorgio;Biggio, BattistaPenultimo
;Roli, FabioUltimo
2025-01-01
Abstract
Gradient-based attacks are a primary tool to evaluate robustness of machine-learning models. However, many attacks tend to provide overly-optimistic evaluations as they use fixed loss functions, optimizers, step-size schedulers, and default hyperparameters. In this work, we tackle these limitations by proposing a parametric variation of the well-known fast minimum-norm attack algorithm, whose loss, optimizer, step-size scheduler, and hyperparameters can be dynamically adjusted. We re-evaluate 12 robust models, showing that our attack finds smaller adversarial perturbations without requiring any additional tuning. This also enables reporting adversarial robustness as a function of the perturbation budget, providing a more complete evaluation than that offered by fixed-budget attacks, while remaining efficient. We release our open-source code at https://github.com/pralab/HO-FMN.
File in questo prodotto:
| File | Dimensione | Formato | |
|---|---|---|---|
| 1-s2.0-S0925231224016898-main.pdf accesso aperto
Descrizione: open access
Tipologia: versione editoriale (VoR)
Dimensione 2.61 MB
Formato Adobe PDF
|
2.61 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.