Advances in the development of adversarial attacks have been fundamental to the progress of adversarial defense research. Efficient and effective attacks are crucial for reliable evaluation of defenses, and also for developing robust models. Adversarial attacks are often generated by maximizing standard losses such as the cross-entropy loss or maximum-margin loss within a constraint set using Projected Gradient Descent (PGD). In this work, we introduce a relaxation term to the standard loss, that finds more suitable gradient-directions, increases attack efficacy and leads to more efficient adversarial training. We propose Guided Adversarial Margin Attack (GAMA), which utilizes function mapping of the clean image to guide the generation of adversaries, thereby resulting in stronger attacks. We evaluate our attack against multiple defenses and show improved performance when compared to existing attacks. Further, we propose Guided Adversarial Training (GAT), which achieves state-of-the-art performance amongst single-step defenses by utilizing the proposed relaxation term for both attack generation and training.

翻译：对抗性攻击的发展进展对于对抗性防御研究的进展至关重要。 高效而有效的攻击对于可靠地评估防御和开发稳健的模型至关重要。 反向攻击往往是通过最大限度地增加标准损失,如使用预测的梯子(PGD)在限制下造成的跨热带损失或最大海拔损失。 在这项工作中,我们对标准损失采用宽松的术语,找到更合适的梯度方向,提高攻击效力,并导致更有效的对抗性训练。 我们提议采用方向的Adversarial Margin攻击(GAMA),利用清洁图像的功能绘图来引导对手的产生,从而导致更强烈的攻击。我们评估了我们针对多重防御的攻击,并表明与现有攻击相比,我们表现出了更好的表现。 此外,我们提议采用指导性对抗性训练(GAT),通过利用拟议的放松术语来生成攻击和培训,在单步防御中实现最先进的表现。