SuperDeepFool: a new fast and accurate minimal adversarial attack
Authors: Alireza Abdollahpour, Mahed Abroshan, Seyed-Mohsen Moosavi-Dezfooli
NeurIPS 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this paper, we introduce a new family of adversarial attacks that strike a balance between effectiveness and computational efficiency. Our proposed attacks are generalizations of the well-known DeepFool (DF) attack, while they remain simple to understand and implement. We demonstrate that our attacks outperform existing methods in terms of both effectiveness and computational efficiency. In this section, we conduct extensive experiments to demonstrate the effectiveness of our method in different setups and for several natural and adversarially trained networks. |
| Researcher Affiliation | Collaboration | Alireza Abdollahpoorrostam, EPFL, Lausanne, Switzerland (alireza.abdollahpoorrostam@epfl.ch); Mahed Abroshan, Imperial College, London, UK (m.abroshan23@imperial.ac.uk); Seyed-Mohsen Moosavi-Dezfooli, Apple, Zürich, Switzerland (smoosavi@apple.com) |
| Pseudocode | Yes | Algorithm 1: SDF (m,n) for binary classifiers; Algorithm 2: SDF for multi-class classifiers |
| Open Source Code | Yes | The code to reproduce our experiments can be found at https://github.com/alirezaabdollahpoor/SuperDeepFool |
| Open Datasets | Yes | We test our algorithms on architectures trained on MNIST, CIFAR10, and ImageNet datasets. |
| Dataset Splits | No | The paper mentions training and testing on datasets like CIFAR10, MNIST, and ImageNet, but does not explicitly provide specific training/validation/test split percentages, sample counts, or citations to predefined splits for all datasets used to reproduce the experiments. For example, it states 'We train the model on clean examples for the first 200 epochs' and 'Our model reaches a test accuracy of 90.8%' but no specific split ratios are given. |
| Hardware Specification | No | The paper mentions comparing runtime 'for a fixed hardware' in Table 19, but it does not specify any exact GPU/CPU models, processor types, memory amounts, or detailed computer specifications used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific ancillary software details, such as library names with version numbers (e.g., Python 3.8, PyTorch 1.9, CUDA 11.1), needed to replicate the experiment. |
| Experiment Setup | Yes | We restrict ℓ2-norms of perturbation to 2.6 and set the maximum number of iterations for SDF to 6. For all networks, we set learning rate = 0.01 and weight decay = 0.01, employing consistent model architectures and hyperparameters as those used in the [6, 48] studies. |
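
The DeepFool step that SDF generalizes can be illustrated with a minimal sketch. For a linear multiclass classifier the closest decision boundary is reached exactly in one step; deep networks iterate the same update on a local linearization, and SDF adds further refinements not shown here. The `deepfool_linear` helper below is a hypothetical illustration, not the authors' released implementation:

```python
import numpy as np

def deepfool_linear(x, W, b, overshoot=0.02):
    """One DeepFool step for a linear multiclass classifier f(x) = W @ x + b.

    Finds the closest class boundary to x and moves x just past it,
    yielding a (near-)minimal ell_2 adversarial perturbation.
    """
    f = W @ x + b
    label = int(np.argmax(f))
    # Differences relative to the current class, for every other class k.
    w_diff = W - W[label]          # rows: w_k - w_label
    f_diff = f - f[label]          # f_k(x) - f_label(x), <= 0 for k != label
    # Distance to each class-k decision hyperplane.
    dists = np.full(len(f), np.inf)
    for k in range(len(f)):
        if k != label:
            dists[k] = abs(f_diff[k]) / np.linalg.norm(w_diff[k])
    k_star = int(np.argmin(dists))
    # Minimal perturbation onto the closest hyperplane, slightly overshot
    # so the point lands on the other side of the boundary.
    w = w_diff[k_star]
    r = (abs(f_diff[k_star]) / np.linalg.norm(w) ** 2) * w
    return x + (1 + overshoot) * r
```

For a random linear model, applying the step flips the predicted class while keeping the perturbation at (roughly) the distance to the nearest boundary; the paper's multi-class Algorithm 2 applies an analogous update iteratively to a deep network's linearized logits.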