Sequential Difference Maximization: New Gradient-Based Attack Method
There's a new method called Sequential Difference Maximization, or SDM, that's been developed to evaluate how strong different models are. It addresses the issue of "high-loss non-adversarial examples," which has been a problem for techniques like APGD. SDM changes the goal to create a bigger gap between the probabilities of incorrect labels and the correct label. It uses a three-level optimization process called "cycle-stage-step" and includes both a negative probability loss function and a Directional Probability Difference Ratio loss function. You can check out the research on arXiv under the ID 2605.20308.
Key facts
- SDM is a new gradient-based attack method for evaluating model robustness.
- It addresses the issue of 'high-loss non-adversarial examples'.
- SDM reconstructs the objective to maximize the difference between non-ground-truth label probability upper bound and ground-truth label probability.
- It uses a three-layer optimization framework: cycle-stage-step.
- The method employs negative probability loss and DPDR loss functions.
- Previous methods like APGD had difficulty achieving significant breakthroughs.
- The paper is published on arXiv with ID 2605.20308.
- The method is designed to improve attack performance.
Entities
Institutions
- arXiv