Cosimo De Giovanni

$\sigma$-zero: Gradient-based Optimization of $\ell_0$-norm Adversarial Examples

Antonio Emanuele Cinà (first author); Maura Pintor; Battista Biggio
2025-01-01

Abstract

Evaluating the adversarial robustness of deep networks to gradient-based attacks is challenging. While most attacks consider $\ell_2$- and $\ell_\infty$-norm constraints to craft input perturbations, only a few investigate sparse $\ell_1$- and $\ell_0$-norm attacks. In particular, $\ell_0$-norm attacks remain the least studied due to the inherent complexity of optimizing over a non-convex and non-differentiable constraint. However, evaluating adversarial robustness under these attacks could reveal weaknesses otherwise left untested with more conventional $\ell_2$- and $\ell_\infty$-norm attacks. In this work, we propose a novel $\ell_0$-norm attack, called $\sigma$-zero, which leverages a differentiable approximation of the $\ell_0$ norm to facilitate gradient-based optimization, and an adaptive projection operator to dynamically adjust the trade-off between loss minimization and perturbation sparsity. Extensive evaluations using MNIST, CIFAR10, and ImageNet datasets, involving robust and non-robust models, show that $\sigma$-zero finds minimum $\ell_0$-norm adversarial examples without requiring any time-consuming hyperparameter tuning, and that it outperforms all competing sparse attacks in terms of success rate, perturbation size, and efficiency.
2025
English
International Conference on Representation Learning
9798331320850
Y. Yue, A. Garg, N. Peng, F. Sha, R. Yu
2025
91199
91211
13
https://proceedings.iclr.cc/paper_files/paper/2025/file/e362f86c10bc7aed56bc822c5385ec3c-Paper-Conference.pdf
International Conference on Representation Learning 2025 (ICLR 2025)
Anonymous experts
Apr 24-28, 2025
Singapore
international
scientific
4 Contribution in Conference Proceedings (Proceeding)::4.1 Contribution in conference proceedings
Cinà, Antonio Emanuele; Villani, Francesco; Pintor, Maura; Schönherr, Lea; Biggio, Battista; Pelillo, Marcello
273
6
4.1 Contribution in conference proceedings
open
info:eu-repo/semantics/conferencePaper
   European Lighthouse on Secure and Safe AI
   ELSA
   European Commission
   Horizon Europe Framework Programme
   101070617
Files in this item:

ICLR-2025-sigma-zero-gradient-based-optimization-of-ell_0-norm-adversarial-examples-Paper-Conference.pdf
Access: open access
Description: published version
Type: post-print version (AAM)
Size: 1.35 MB
Format: Adobe PDF

appendix_a.pdf
Access: open access
Description: supplemental
Type: other attached document
Size: 7.23 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
