Loading…
ROBY: Evaluating the adversarial robustness of a deep model by its decision boundaries
With the successful applications of DNNs in many real-world tasks, model’s robustness has raised public concern. Recently the robustness of deep models is often evaluated by purposely generated adversarial samples, which is time-consuming and usually dependent on the specific attacks and model struc...
Saved in:
Published in: | Information sciences 2022-03, Vol.587, p.97-122 |
---|---|
Main Authors: | , , , , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | With the successful applications of DNNs in many real-world tasks, model’s robustness has raised public concern. Recently the robustness of deep models is often evaluated by purposely generated adversarial samples, which is time-consuming and usually dependent on the specific attacks and model structures. Addressing the problem, we propose a generic evaluation metric ROBY, a novel attack-independent robustness measurement based on the model’s feature distribution. Without prior knowledge of adversarial samples, ROBY uses inter-class and intra-class statistics to capture the features in the latent space. Models with stronger robustness always have larger distances between classes and smaller distances in the same class. Comprehensive experiments have been conducted on ten state-of-the-art deep models and different datasets to verify ROBY’s effectiveness and efficiency. Compared with other evaluation metrics, ROBY better matches the robustness golden standard attack success rate (ASR), with significantly less computation cost. To the best of our knowledge, ROBY is the first light-weighted attack-independent robustness evaluation metric general to a wide range of deep models. The code of it can be downloaded at https://github.com/Allen-piexl/ROBY. |
---|---|
ISSN: | 0020-0255 1872-6291 |
DOI: | 10.1016/j.ins.2021.12.021 |