Benchmarking and Optimizing Gradient-Based Adversarial Attacks for ML Security.

CVC Seminar


Adversarial attacks exploit vulnerabilities in machine learning models by introducing subtle perturbations to input data, leading to incorrect predictions. Rigorous testing of machine learning models against these attacks is often impractical for modern deep learning systems. For these reasons, empirical methods, optimizing adversarial perturbations via gradient descent, are often used to provide robustness evaluations. Yet, many proposed evaluations have proven to offer deceptive estimates of robustness, often failing under more thorough analysis. Although guidelines and best practices have been suggested to improve current adversarial robustness evaluations, the lack of automatic testing and debugging tools makes it difficult to apply these recommendations in practice and systematically. To this end, the analysis of failures in the optimization of adversarial attacks is the only valid strategy to avoid repeating mistakes of the past. Additionally, the continuous proposal of novel attacks results in overly optimistic and biased evaluations. To address this, we propose a framework and toolset to evaluate and benchmark gradient-based attacks for optimizing adversarial examples, ensuring fair assessment and fostering advancements in ML security evaluations.

Short bio:

Maura Pintor is an Assistant Professor at the PRA Lab, in the Department of Electrical and Electronic Engineering of the University of Cagliari, Italy, Italy.

She received her PhD in Electronic and Computer Engineering from the University of Cagliari in 2022. Her PhD thesis, "Towards Debugging and Improving Adversarial Robustness Evaluations", provides a framework for optimizing and debugging adversarial attacks. She was a visiting student at Eberhard Karls Universitaet Tuebingen, Germany, from March to June 2020 and at the Software Competence Center Hagenberg (SCCH), Austria, from May to August 2021. She is reviewer for ACM CCS, ECCV, ICPR, IJCAI, ICLR, NeurIPS, ACSAC, ICCV, ARES, and for the journals IEEE TIFS, IEEE TIP, IEEE TDSC, IEEE TNNLS, TOPS. She is co-chair of the ACM Workshop on Artificial Intelligence and Security (AISec), co-located with ACM CCS.