benchmark arXiv Dec 11, 2025 · Dec 2025
Kristina Korotkova, Aleksandr Katrutsa · Moscow Institute of Physics and Technology · Skolkovo Institute of Science and Technology
Empirically evaluates Frank-Wolfe projection-free methods vs. PGD/FGSM for constructing white-box adversarial attacks under l1, l2, and l-inf constraints
Input Manipulation Attack vision
The construction of adversarial attacks for neural networks appears to be a crucial challenge for their deployment in various services. To estimate the adversarial robustness of a neural network, a fast and efficient approach is needed to construct adversarial attacks. Since the formalization of adversarial attack construction involves solving a specific optimization problem, we consider the problem of constructing an efficient and effective adversarial attack from a numerical optimization perspective. Specifically, we suggest utilizing advanced projection-free methods, known as modified Frank-Wolfe methods, to construct white-box adversarial attacks on the given input data. We perform a theoretical and numerical evaluation of these methods and compare them with standard approaches based on projection operations or geometrical intuition. Numerical experiments are performed on the MNIST and CIFAR-10 datasets, utilizing a multiclass logistic regression model, the convolutional neural networks (CNNs), and the Vision Transformer (ViT).
cnn transformer traditional_ml Moscow Institute of Physics and Technology · Skolkovo Institute of Science and Technology
ML Security Papers