부산대학교 도서관

Empirical evaluation of the adversarial robustness of deep learning models involves solving non-trivial constrained optimization problems. Popular numerical algorithms to solve these constrained problems rely predominantly on projected gradient descent (PGD) and mostly handle adversarial perturbations modeled by the ℓ 1 , ℓ 2 , and ℓ ∞ metrics. In this paper, we introduce a novel algorithmic framework that blends a general-purpose constrained-optimization solver PyGRANSO, With Constraint-Folding (PWCF), to add reliability and generality to robustness evaluation. PWCF 1) finds good-quality solutions without the need of delicate hyperparameter tuning and 2) can handle more general perturbation types, e.g., modeled by general ℓ p (where p > 0) and perceptual (nonℓ p ) distances, which are inaccessible to existing PGD-based algorithms.