Name
Abstract | ||
|---|---|---|
Recent breakthroughs in defenses against adversarial examples, like adversarial training, make the neural networks robust against various classes of attackers (e.g., first-order gradient-based attacks). However, it is an open question whether the adversarially trained networks are truly robust under unknown attacks. In this paper, we present interval attacks, a new technique to find adversarial examples to evaluate the robustness of neural networks. Interval attacks leverage symbolic interval propagation, a bound propagation technique that can exploit a broader view around the current input to locate promising areas containing adversarial instances, which in turn can be searched with existing gradient-guided attacks. We can obtain such a broader view using sound bound propagation methods to track and over-approximate the errors of the network within given input ranges. Our results show that, on state-of-the-art adversarially trained networks, interval attack can find on average 47% relatively more violations than the state-of-the-art gradient-guided PGD attack. |
Year | Venue | DocType |
|---|---|---|
2019 | CoRR | Journal |
Volume | Citations | PageRank |
abs/1906.02282 | 0 | 0.34 |
References | Authors | |
0 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Shiqi Wang | 1 | 16 | 6.25 |
| Yizheng Chen | 2 | 60 | 6.91 |
| Ahmed Abdou | 3 | 5 | 1.40 |
| Suman Jana | 4 | 1108 | 49.49 |