Composite Adversarial Attacks

Adversarial attack is a technique for deceiving Machine Learning (ML) models, which provides way to evaluate the adversarial robustness. In practice, algorithms are artificially selected and tuned by human experts break ML system. However, manual selection of attackers tends be sub-optimal, leading mistakenly assessment model security. this paper, new procedure called Composite Attack (CAA) proposed automatically searching best combination their hyper-parameters from candidate pool 32 base attackers. We design search space where policy represented as an attacking sequence, i.e., output previous attacker used initialization input successors. Multi-objective NSGA-II genetic algorithm adopted finding strongest with minimum complexity. The experimental result shows CAA beats 10 top on 11 diverse defenses less elapsed time (6 × faster than AutoAttack), achieves state-of-the-art linf, l2 unrestricted attacks.