Et Tu Certifications: Robustness Certificates Yield Better Adversarial Examples

arXiv:2302.04379v3 Announce Type: replace-cross
Abstract: In guaranteeing the absence of adversarial examples in an instance's neighbourhood, certification mechanisms play an important role in demonstrating neural net robustness. In this paper, we ask if these certifications can compromise the very models they help to protect? Our new \emph{Certification Aware Attack} exploits certifications to produce computationally efficient norm-minimising adversarial examples $74 \%$ more often than comparable attacks, while reducing the median perturbation norm by more than $10\%$. While these attacks can be …

adversarial arxiv ask attack aware can certificates certification certifications compromise cs.cr cs.lg examples exploits important instance play protect robustness role