Rethinking Classifier And Adversarial Attack. (arXiv:2205.02743v1 [cs.LG])

Various defense models have been proposed to resist adversarial attack
algorithms, but existing adversarial robustness evaluation methods always
overestimate the adversarial robustness of these models (i.e. not approaching
the lower bound of robustness). To solve this problem, this paper first uses
the Decouple Space method to divide the classifier into two parts: non-linear
and linear. On this basis, this paper defines the representation vector of
original example (and its space, i.e., the representation space) and uses
Absolute Classification Boundaries Initialization …

adversarial attack lg