Assessing Robustness via Score-Based Adversarial Image Generation

Links

Abstract

Most adversarial attacks and defenses focus on perturbations within small l_p-norm constraints. However, l_p threat models cannot capture all relevant semantics-preserving perturbations, and hence, the scope of robustness evaluations is limited. In this work, we introduce Score-Based Adversarial Generation (ScoreAG), a novel framework that leverages the advancements in score-based generative models to generate unrestricted adversarial examples that overcome the limitations of l_p-norm constraints. Unlike traditional methods, ScoreAG maintains the core semantics of images while generating adversarial examples, either by transforming existing images or synthesizing new ones entirely from scratch. We further exploit the generative capability of ScoreAG to purify images, empirically enhancing the robustness of classifiers. Our extensive empirical evaluation demonstrates that ScoreAG improves upon the majority of state-of-the-art attacks and defenses across multiple benchmarks. This work highlights the importance of investigating adversarial examples bounded by semantics rather than l_p-norm constraints. ScoreAG represents an important step towards more encompassing robustness assessments.

Cite

@article{kollovieh2023assessing,
title = {Assessing Robustness via Score-Based Adversarial Image Generation},
author = {Kollovieh, Marcel and Gosch, Lukas and Lienen, Marten and Scholten, Yan and Schwinn, Leo and G{\"u}nnemann, Stephan},
journal = {Transactions on Machine Learning Research},
year = {2024},
}

To top

Informatik 26 - Data Analytics and Machine Learning

Prof. Dr. Stephan Günnemann

Technische Universität München
TUM School of Computation, Information and Technology
Department of Computer Science
Boltzmannstr. 3
85748 Garching

Sekretariat:
Raum 00.11.057
Tel.: +49 89 289-17256
Fax: +49 89 289-17257