Efficient Robustness Evaluation via Constraint Relaxation

Chao PAN; Yu WU; Ke TANG; Qing LI; Xin YAO

doi:10.1609/aaai.v39i6.32670

Efficient Robustness Evaluation via Constraint Relaxation

Chao PAN
, Yu WU
, Ke TANG
, Qing LI
, Xin YAO^*

^*Corresponding author for this work

School of Data Science

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Referred Conference Paper › peer-review

2 Citations (Scopus)

Abstract

The study of enhancing model robustness against adversarial examples has become increasingly critical in the security of deep learning, leading to the development of numerous adversarial defense techniques. While these defense methods have shown promise in mitigating the impact of adversarial perturbations, evaluating their effectiveness remains a critical challenge. The recently introduced AutoAttack technique has been recognized as a standardized method for assessing model robustness. However, the computational demands of the AutoAttack method significantly limits its applicability, underscoring the urgent need for efficient evaluation techniques. To address this challenge, we propose a novel and efficient evaluation framework based on strategic constraint relaxation. Our key insight is that temporarily expanding the adversarial perturbation bounds during the attack process can help discover more effective adversarial examples. Based on this insight, we develop the Constraint Relaxation Attack (CR Attack) method, which systematically relaxes and resets perturbation constraints during optimization. Extensive experiments on 105 robust models show that CR Attack outperforms AutoAttack in both attack success rate and efficiency, reducing forward and backward propagation time by 38.3× and 15.9× respectively. Through comprehensive analysis, we validate that the constraint relaxation mechanism is crucial for the method's effectiveness.

Original language	English
Title of host publication	Proceedings of the 39th Annual AAAI Conference on Artificial Intelligence
Publisher	PKP Publishing Services Network
Pages	6263-6271
Number of pages	9
Volume	39
Edition	6
DOIs	https://doi.org/10.1609/aaai.v39i6.32670
Publication status	Published - 11 Apr 2025

Publication series

Name	Proceedings of the AAAI Conference on Artificial Intelligence
Publisher	Association for the Advancement of Artificial Intelligence
ISSN (Print)	2159-5399

Bibliographical note

Publisher Copyright:
Copyright © 2025, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.

Funding

We extend our sincere thanks to the anonymous reviewers, whose detailed and thoughtful feedback led to substantial improvements in the manuscript. This work was supported by the National Natural Science Foundation of China under Grant 62250710682, Guangdong Provincial Key Laboratory under Grant 2020B121201001, and the Program for Guangdong Introducing Innovative and Entrepreneurial Teams under Grant 2017ZT07X386. The work described in this paper was (partially) supported by a grant from HK RGC Themebased Research Scheme (PolyU No.: T43-513/23-N).

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 5 Gender Equality
SDG 10 Reduced Inequalities

Access to Document

10.1609/aaai.v39i6.32670

https://ojs.aaai.org/index.php/AAAI/article/view/32670

Cite this

@inproceedings{16199ef8594d4e4fbdd7c43da8fb4d8c,

title = "Efficient Robustness Evaluation via Constraint Relaxation",

abstract = "The study of enhancing model robustness against adversarial examples has become increasingly critical in the security of deep learning, leading to the development of numerous adversarial defense techniques. While these defense methods have shown promise in mitigating the impact of adversarial perturbations, evaluating their effectiveness remains a critical challenge. The recently introduced AutoAttack technique has been recognized as a standardized method for assessing model robustness. However, the computational demands of the AutoAttack method significantly limits its applicability, underscoring the urgent need for efficient evaluation techniques. To address this challenge, we propose a novel and efficient evaluation framework based on strategic constraint relaxation. Our key insight is that temporarily expanding the adversarial perturbation bounds during the attack process can help discover more effective adversarial examples. Based on this insight, we develop the Constraint Relaxation Attack (CR Attack) method, which systematically relaxes and resets perturbation constraints during optimization. Extensive experiments on 105 robust models show that CR Attack outperforms AutoAttack in both attack success rate and efficiency, reducing forward and backward propagation time by 38.3× and 15.9× respectively. Through comprehensive analysis, we validate that the constraint relaxation mechanism is crucial for the method's effectiveness.",

author = "Chao PAN and Yu WU and Ke TANG and Qing LI and Xin YAO",

year = "2025",

month = apr,

day = "11",

doi = "10.1609/aaai.v39i6.32670",

language = "English",

volume = "39",

series = "Proceedings of the AAAI Conference on Artificial Intelligence",

publisher = "PKP Publishing Services Network",

pages = "6263--6271",

booktitle = "Proceedings of the 39th Annual AAAI Conference on Artificial Intelligence",

edition = "6",

}

Efficient Robustness Evaluation via Constraint Relaxation. / PAN, Chao; WU, Yu; TANG, Ke et al.
Proceedings of the 39th Annual AAAI Conference on Artificial Intelligence. Vol. 39 6. ed. PKP Publishing Services Network, 2025. p. 6263-6271 (Proceedings of the AAAI Conference on Artificial Intelligence).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Referred Conference Paper › peer-review

TY - GEN

T1 - Efficient Robustness Evaluation via Constraint Relaxation

AU - PAN, Chao

AU - WU, Yu

AU - TANG, Ke

AU - LI, Qing

AU - YAO, Xin

PY - 2025/4/11

Y1 - 2025/4/11

N2 - The study of enhancing model robustness against adversarial examples has become increasingly critical in the security of deep learning, leading to the development of numerous adversarial defense techniques. While these defense methods have shown promise in mitigating the impact of adversarial perturbations, evaluating their effectiveness remains a critical challenge. The recently introduced AutoAttack technique has been recognized as a standardized method for assessing model robustness. However, the computational demands of the AutoAttack method significantly limits its applicability, underscoring the urgent need for efficient evaluation techniques. To address this challenge, we propose a novel and efficient evaluation framework based on strategic constraint relaxation. Our key insight is that temporarily expanding the adversarial perturbation bounds during the attack process can help discover more effective adversarial examples. Based on this insight, we develop the Constraint Relaxation Attack (CR Attack) method, which systematically relaxes and resets perturbation constraints during optimization. Extensive experiments on 105 robust models show that CR Attack outperforms AutoAttack in both attack success rate and efficiency, reducing forward and backward propagation time by 38.3× and 15.9× respectively. Through comprehensive analysis, we validate that the constraint relaxation mechanism is crucial for the method's effectiveness.

AB - The study of enhancing model robustness against adversarial examples has become increasingly critical in the security of deep learning, leading to the development of numerous adversarial defense techniques. While these defense methods have shown promise in mitigating the impact of adversarial perturbations, evaluating their effectiveness remains a critical challenge. The recently introduced AutoAttack technique has been recognized as a standardized method for assessing model robustness. However, the computational demands of the AutoAttack method significantly limits its applicability, underscoring the urgent need for efficient evaluation techniques. To address this challenge, we propose a novel and efficient evaluation framework based on strategic constraint relaxation. Our key insight is that temporarily expanding the adversarial perturbation bounds during the attack process can help discover more effective adversarial examples. Based on this insight, we develop the Constraint Relaxation Attack (CR Attack) method, which systematically relaxes and resets perturbation constraints during optimization. Extensive experiments on 105 robust models show that CR Attack outperforms AutoAttack in both attack success rate and efficiency, reducing forward and backward propagation time by 38.3× and 15.9× respectively. Through comprehensive analysis, we validate that the constraint relaxation mechanism is crucial for the method's effectiveness.

UR - https://www.scopus.com/pages/publications/105003901844

U2 - 10.1609/aaai.v39i6.32670

DO - 10.1609/aaai.v39i6.32670

M3 - Conference paper (refereed)

VL - 39

T3 - Proceedings of the AAAI Conference on Artificial Intelligence

SP - 6263

EP - 6271

BT - Proceedings of the 39th Annual AAAI Conference on Artificial Intelligence

PB - PKP Publishing Services Network

ER -

Efficient Robustness Evaluation via Constraint Relaxation

Abstract

Publication series

Bibliographical note

Funding

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this