Adversarial examples of deep neural networks are receiving ever increasing attention because they help in understanding and reducing the sensitivity to their input. This is natural given the increasing applications of deep neural networks in our everyday lives. When white-box attacks are almost always successful, it is typically only the distortion of the perturbations that matters in their evaluation. In this work, we argue that speed is important as well, especially when considering that fast attacks are required by adversarial training. Given more time, iterative methods can always find better solutions. We investigate this speed-distortion trade-off in some depth and introduce a new attack called boundary projection (BP) that improves upon existing methods by a large margin. Our key idea is that the classification boundary is a manifold in the image space: we therefore quickly reach the boundary and then optimize distortion on this manifold.

中文翻译：

---

行走在边缘：快速、低失真的对抗示例


深度神经网络的对抗性例子正受到越来越多的关注，因为它们有助于理解和降低对其输入的敏感性。鉴于深度神经网络在我们日常生活中的应用不断增加，这是很自然的。当白盒攻击几乎总是成功时，通常只有扰动的扭曲对其评估才重要。在这项工作中，我们认为速度也很重要，特别是考虑到对抗性训练需要快速攻击时。如果有更多的时间，迭代方法总能找到更好的解决方案。我们在一定程度上研究了这种速度与失真的权衡，并引入了一种称为边界投影（BP）的新攻击，它极大地改进了现有方法。我们的关键思想是分类边界是图像空间中的流形：因此我们快速到达边界，然后优化该流形上的失真。