ML Security PapersFine-Grained Iterative Adversarial Attacks with Limited Computation Budget
Zhichao Hou , Weizhi Gao , Xiaorui Liu
Published on arXiv
2510.26981
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
When integrated into adversarial training, the proposed method achieves comparable robustness to full-budget adversarial training using only 30% of the original computation budget.
This work tackles a critical challenge in AI safety research under limited compute: given a fixed computation budget, how can one maximize the strength of iterative adversarial attacks? Coarsely reducing the number of attack iterations lowers cost but substantially weakens effectiveness. To fulfill the attainable attack efficacy within a constrained budget, we propose a fine-grained control mechanism that selectively recomputes layer activations across both iteration-wise and layer-wise levels. Extensive experiments show that our method consistently outperforms existing baselines at equal cost. Moreover, when integrated into adversarial training, it attains comparable performance with only 30% of the original budget.
Key Contributions
- Fine-grained control mechanism that selectively recomputes layer activations at both iteration-wise and layer-wise levels to maximize adversarial attack efficacy within a fixed compute budget
- Consistent outperformance of baselines on adversarial attack strength at equal computational cost
- Integration into adversarial training that achieves comparable robustness with only 30% of the original training budget
🛡️ Threat Analysis
Core contribution is maximizing iterative adversarial attack strength (gradient-based input manipulation at inference time) under a fixed compute budget, with secondary application to adversarial training as a defense against such attacks.