Efficient Loss Function by Minimizing the Detrimental Effect of Floating-Point Errors on Gradient-Based Attacks
Abstract
Attackers can deceive neural networks by adding human-imperceptible perturbations to their input data; this reveals the vulnerability and weak robustness of current deep-learning networks. Many attack techniques have been proposed to evaluate the model's robustness. Gradient-based attacks suffer from severely overestimating the robustness. This paper identifies that the relative error in calculated gradients caused by floating-point errors, including floating-point underflow and rounding errors, is a fundamental reason why gradient-based attacks fail to accurately assess the model's robustness. Although it is hard to eliminate the relative error in the gradients, we can control its effect on the gradient-based attacks. Correspondingly, we propose an efficient loss function by minimizing the detrimental impact of the floating-point errors on the attacks. Experimental results show that it is more efficient and reliable than other loss functions when examined across a wide range of defence mechanisms.
Cite
Text
Yu and Xu. "Efficient Loss Function by Minimizing the Detrimental Effect of Floating-Point Errors on Gradient-Based Attacks." Conference on Computer Vision and Pattern Recognition, 2023. doi:10.1109/CVPR52729.2023.00395
Markdown
[Yu and Xu. "Efficient Loss Function by Minimizing the Detrimental Effect of Floating-Point Errors on Gradient-Based Attacks." Conference on Computer Vision and Pattern Recognition, 2023.](https://mlanthology.org/cvpr/2023/yu2023cvpr-efficient/) doi:10.1109/CVPR52729.2023.00395
BibTeX
@inproceedings{yu2023cvpr-efficient,
title = {{Efficient Loss Function by Minimizing the Detrimental Effect of Floating-Point Errors on Gradient-Based Attacks}},
author = {Yu, Yunrui and Xu, Cheng-Zhong},
booktitle = {Conference on Computer Vision and Pattern Recognition},
year = {2023},
pages = {4056-4066},
doi = {10.1109/CVPR52729.2023.00395},
url = {https://mlanthology.org/cvpr/2023/yu2023cvpr-efficient/}
}