Publication
ICLR 2018
Conference paper
Attacking the Madry defense model with L1-based adversarial examples
Abstract
The Madry Lab recently hosted a competition designed to test the robustness of their adversarially trained MNIST model. Attacks were constrained to perturb each pixel of the input image by a scaled maximal L∞ distortion ε = 0.3. This decision discourages the use of attacks that are not optimized for the L∞ distortion metric. Our experimental results demonstrate that by relaxing the L∞ constraint of the competition, the elastic-net attack to deep neural networks (EAD) can generate transferable adversarial examples which, despite their high average L∞ distortion, have minimal visual distortion. These results call into question the use of L∞ as a sole measure of visual distortion, and further demonstrate the power of EAD at generating robust adversarial examples.
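For context, EAD (Chen et al., 2018) frames the attack as minimizing c·f(x', t) + β‖x' − x‖₁ + ‖x' − x‖₂² over valid images x', where f is a Carlini-Wagner-style classification loss, and solves it with an iterative shrinkage-thresholding (ISTA) scheme. The sketch below is a minimal PyTorch illustration of one such ISTA-style update for a targeted attack; it is not the authors' implementation, and the function name ead_ista_step, the loss variant, and the hyperparameter defaults are illustrative assumptions.

import torch
import torch.nn.functional as F

def ead_ista_step(x_adv, x_orig, model, target, c=1.0, beta=1e-2, lr=1e-2):
    # Gradient step on the smooth part: c * attack_loss + ||x_adv - x_orig||_2^2,
    # followed by soft-thresholding toward x_orig for the beta * L1 term.
    x_adv = x_adv.clone().detach().requires_grad_(True)
    logits = model(x_adv)
    num_classes = logits.size(1)
    target_logit = logits.gather(1, target.view(-1, 1)).squeeze(1)
    other_logit = logits.masked_fill(
        F.one_hot(target, num_classes).bool(), float("-inf")
    ).max(dim=1).values
    # Targeted C&W-style margin loss: push the target logit above all others
    attack_loss = torch.clamp(other_logit - target_logit, min=0).sum()
    smooth_loss = c * attack_loss + ((x_adv - x_orig) ** 2).sum()
    smooth_loss.backward()
    with torch.no_grad():
        z = x_adv - lr * x_adv.grad                                   # gradient step
        diff = z - x_orig
        shrunk = torch.sign(diff) * torch.clamp(diff.abs() - lr * beta, min=0)  # L1 shrinkage
        return torch.clamp(x_orig + shrunk, 0.0, 1.0)                 # keep pixels in [0, 1]

# Hypothetical usage: iterate the step from x_adv = x_orig.clone() for a few hundred
# iterations against an MNIST classifier, with target holding the desired labels.

Because the L1 term is handled by the shrinkage step rather than the gradient, the perturbation tends to be sparse, which is what lets EAD keep visual distortion low even when the resulting L∞ distortion exceeds the competition's 0.3 bound.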