Exploring the Adversarial Frontier: Quantifying Robustness via Adversarial Hypervolume

IF 5.3 3区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

IEEE Transactions on Emerging Topics in Computational Intelligence Pub Date : 2025-02-13 DOI:10.1109/TETCI.2025.3535656

Ping Guo;Cheng Gong;Xi Lin;Zhiyuan Yang;Qingfu Zhang

{"title":"Exploring the Adversarial Frontier: Quantifying Robustness via Adversarial Hypervolume","authors":"Ping Guo;Cheng Gong;Xi Lin;Zhiyuan Yang;Qingfu Zhang","doi":"10.1109/TETCI.2025.3535656","DOIUrl":null,"url":null,"abstract":"The escalating threat of adversarial attacks on deep learning models, particularly in security-critical fields, has highlighted the need for robust deep learning systems. Conventional evaluation methods of their robustness rely on adversarial accuracy, which measures the model performance under a specific perturbation intensity. However, this singular metric does not fully encapsulate the overall resilience of a model against varying degrees of perturbation. To address this issue, we propose a new metric termed as the adversarial hypervolume for assessing the robustness of deep learning models comprehensively over a range of perturbation intensities from a multi-objective optimization standpoint. This metric allows for an in-depth comparison of defense mechanisms and recognizes the trivial improvements in robustness brought by less potent defensive strategies. We adopt a novel training algorithm to enhance adversarial robustness uniformly across various perturbation intensities, instead of only optimizing adversarial accuracy. Our experiments validate the effectiveness of the adversarial hypervolume metric in robustness evaluation, demonstrating its ability to reveal subtle differences in robustness that adversarial accuracy overlooks.","PeriodicalId":13135,"journal":{"name":"IEEE Transactions on Emerging Topics in Computational Intelligence","volume":"9 2","pages":"1367-1378"},"PeriodicalIF":5.3000,"publicationDate":"2025-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Emerging Topics in Computational Intelligence","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10885038/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

The escalating threat of adversarial attacks on deep learning models, particularly in security-critical fields, has highlighted the need for robust deep learning systems. Conventional evaluation methods of their robustness rely on adversarial accuracy, which measures the model performance under a specific perturbation intensity. However, this singular metric does not fully encapsulate the overall resilience of a model against varying degrees of perturbation. To address this issue, we propose a new metric termed as the adversarial hypervolume for assessing the robustness of deep learning models comprehensively over a range of perturbation intensities from a multi-objective optimization standpoint. This metric allows for an in-depth comparison of defense mechanisms and recognizes the trivial improvements in robustness brought by less potent defensive strategies. We adopt a novel training algorithm to enhance adversarial robustness uniformly across various perturbation intensities, instead of only optimizing adversarial accuracy. Our experiments validate the effectiveness of the adversarial hypervolume metric in robustness evaluation, demonstrating its ability to reveal subtle differences in robustness that adversarial accuracy overlooks.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Emerging Topics in Computational Intelligence Mathematics-Control and Optimization

CiteScore

10.30

自引率

7.50%

发文量

147

期刊介绍： The IEEE Transactions on Emerging Topics in Computational Intelligence (TETCI) publishes original articles on emerging aspects of computational intelligence, including theory, applications, and surveys. TETCI is an electronics only publication. TETCI publishes six issues per year. Authors are encouraged to submit manuscripts in any emerging topic in computational intelligence, especially nature-inspired computing topics not covered by other IEEE Computational Intelligence Society journals. A few such illustrative examples are glial cell networks, computational neuroscience, Brain Computer Interface, ambient intelligence, non-fuzzy computing with words, artificial life, cultural learning, artificial endocrine networks, social reasoning, artificial hormone networks, computational intelligence for the IoT and Smart-X technologies.