Attack Ensemble (AE), which combines multiple attacks, provides a reliable way to evaluate adversarial robustness. In practice, AEs are often constructed and tuned by human experts, a process that tends to be sub-optimal and time-consuming. In this work, we present AutoAE, a conceptually simple approach for automatically constructing AEs. In brief, AutoAE repeatedly adds to the ensemble the attack and iteration steps that maximize ensemble improvement per additional iteration consumed. We show theoretically that AutoAE yields AEs provably within a constant factor of the optimal for a given defense. We then use AutoAE to construct two AEs for l∞ and l2 attacks, and apply them without any tuning or adaptation to 45 top adversaria...
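The greedy rule the abstract describes (add the attack and step count with the largest ensemble improvement per additional iteration) can be sketched as follows. This is an added example, not the AutoAE authors' code: it assumes each candidate's effect on a defended model has already been measured offline, and the attack names "A", "B", "C", the index sets and the budget are constructed.

```python
# Constructed data: for each candidate (attack, iteration steps), the set of
# test-example indices whose prediction that run flips on the defended model.
# Attack names "A", "B", "C" and all numbers are hypothetical.
CANDIDATES = {
    ("A", 10): {0, 1, 2},
    ("A", 50): {0, 1, 2, 3, 4},
    ("B", 20): {2, 3, 5, 6},
    ("C", 100): {0, 1, 2, 3, 4, 5, 6, 7},
}
N_EXAMPLES = 10


def greedy_ensemble(candidates, budget):
    """Greedily build an attack schedule under a total iteration budget."""
    schedule, broken, remaining = [], set(), budget
    while True:
        best, best_rate = None, 0.0
        for cand in sorted(candidates):      # sorted for deterministic ties
            steps = cand[1]
            if steps > remaining:            # does not fit in what is left
                continue
            # Ensemble improvement: examples this run breaks that the
            # ensemble built so far does not, per iteration consumed.
            rate = len(candidates[cand] - broken) / steps
            if rate > best_rate:
                best, best_rate = cand, rate
        if best is None:                     # nothing fits or nothing helps
            break
        schedule.append(best)
        broken |= candidates[best]
        remaining -= best[1]
    return schedule, broken


def robust_accuracy(broken, n_examples):
    """Fraction of examples that survive every attack in the ensemble."""
    return 1 - len(broken) / n_examples


if __name__ == "__main__":
    schedule, broken = greedy_ensemble(CANDIDATES, budget=100)
    print(schedule, round(robust_accuracy(broken, N_EXAMPLES), 2))
```

On this constructed data the greedy schedule spends 80 iterations and reports a robust accuracy of 0.3, while the single candidate ("C", 100) would report 0.2, so a greedy ensemble is not necessarily the optimal one.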
Adversarial Training is proved to be an efficient method to defend against adversarial examples, bei...
Evaluating robustness of machine-learning models to adversarial examples is a challenging problem. M...
Background: Building an effective Intrusion detection system in a multi-attack classification enviro...
Evaluation of adversarial robustness is often error-prone leading to overestimation of the true robu...
The AutoAttack (AA) has been the most reliable method to evaluate adversarial robustness when consid...
Ensemble-based Adversarial Training is a principled approach to achieve robustness against adversari...
Ensemble-based adversarial training is a principled approach to achieve robustness against adversari...
The strategy of ensemble has become popular in adversarial defense, which trains multiple base class...
Adversarial training and its variants have become the standard defense against adversarial attacks -...
The research on image-classification-adversarial attacks is crucial in the realm of artificial intel...
Despite the tremendous success of deep neural networks across various tasks, their vulnerability to ...
Most existing adversarial defenses only measure robustness to L_p adversarial attacks. Not only are ...
Adversarial attacks have threatened modern deep learning systems by crafting adversarial examples wi...
Adversarial attack is a technique for deceiving Machine Learning (ML) models, which provides a way t...
Recently, RobustBench (Croce et al. 2020) has become a widely recognized benchmark for the adversari...