Francesco Croce & Matthias Hein (2020)
International Conference on Machine Learning.
URL: https://arxiv.org/abs/2003.01690
Abstract. Introduces AutoAttack, the de facto standard adversarial-robustness benchmark. AutoAttack ensembles four parameter-free attacks, APGD with cross-entropy loss, APGD with the difference-of-logits-ratio loss, FAB and Square Attack, eliminating the need to tune attack hyperparameters per defence. The authors apply AutoAttack to dozens of published defences and find that the reported robust accuracies of most are substantially overstated; the curated RobustBench leaderboard built around AutoAttack now serves as the community's reproducible robustness benchmark.
Tags: adversarial safety robustness benchmark
Cited in: