Conference proceeding
A Branch and Bound Framework for Stronger Adversarial Attacks of ReLU Networks
INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 162, pp.26591-26604
Proceedings of Machine Learning Research
01 Jan 2022
Featured in Collection : UN Sustainable Development Goals @ Drexel
Abstract
Strong adversarial attacks are important for evaluating the true robustness of deep neural networks. Most existing attacks search in the input space, e.g., using gradient descent, and may miss adversarial examples due to non-convexity. In this work, we systematically search adversarial examples in the activation space of ReLU networks to tackle hard instances where none of the existing adversarial attacks succeed. Unfortunately, searching the activation space typically relies on generic mixed integer programming (MIP) solvers and is limited to small networks and easy problem instances. To improve scalability and practicability, we use branch and bound (BaB) with specialized GPU-based bound propagation methods, and propose a top-down beam-search approach to quickly identify the subspace that may contain adversarial examples. Moreover, we build an adversarial candidates pool using cheap attacks to further assist the search in activation space via diving techniques and a bottom-up large neighborhood search. Our adversarial attack framework, BaB-Attack, opens up a new opportunity for designing novel adversarial attacks not limited to searching the input space, and enables us to borrow techniques from integer programming theory and neural network verification. In experiments, we can successfully generate adversarial examples when existing attacks on input space fail. Compared to off-the-shelf MIP solver based attacks that require significant computations, we outperform in both success rates and efficiency.
Details
- Title
- A Branch and Bound Framework for Stronger Adversarial Attacks of ReLU Networks
- Creators
- Huan Zhang - Carnegie Mellon Univ, Pittsburgh, PA 15213 USA; Shiqi Wang - Columbia University; Kaidi Xu - Drexel University; Yihan Wang - Univ Calif Los Angeles, Los Angeles, CA 90024 USA; Suman Jana - Columbia University; Cho-Jui Hsieh - Univ Calif Los Angeles, Los Angeles, CA 90024 USA; Zico Kolter - Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
- Contributors
- K Chaudhuri (Editor); S Jegelka (Editor); L Song (Editor); C Szepesvari (Editor); G Niu (Editor); S Sabato (Editor)
- Publication Details
- INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 162, pp.26591-26604
- Series
- Proceedings of Machine Learning Research
- Publisher
- JMLR-JOURNAL MACHINE LEARNING RESEARCH
- Number of pages
- 14
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Identifiers
- 991021871490904721
InCites Highlights
These are selected metrics from InCites Benchmarking & Analytics tool, related to this output
- Collaboration types
- Domestic collaboration
- Web of Science research areas
- Computer Science, Artificial Intelligence