Evaluating Model Robustness Using Adaptive Sparse L0 Regularization
Weiyou Liu, Zhenyang Li, Weitong Chen
TL;DR
The paper tackles the vulnerability of deep neural networks to adversarial inputs, focusing on sparse perturbations under the $L_0$ norm to reveal weaknesses not captured by conventional norms. It introduces Adaptive Sparse and Lightweight Optimization (ASLO), a differentiable $L_0$-approximation method with real-time adaptivity that guides perturbations to be small yet effective. The authors demonstrate ASLO’s ability to balance attack efficacy with sparsity, validate it on time-series datasets and multiple model architectures, and extend its use to common gradient-based attacks like GM_PGD and CW, resulting in reduced perturbation distances without sacrificing attack success. These findings advance robustness evaluation and have practical implications for designing defenses in time-series and other domains against highly adaptive adversaries.
Abstract
Deep Neural Networks have demonstrated remarkable success in various domains but remain susceptible to adversarial examples, which are slightly altered inputs designed to induce misclassification. While adversarial attacks typically optimize under Lp norm constraints, attacks based on the L0 norm, prioritising input sparsity, are less studied due to their complex and non convex nature. These sparse adversarial examples challenge existing defenses by altering a minimal subset of features, potentially uncovering more subtle DNN weaknesses. However, the current L0 norm attack methodologies face a trade off between accuracy and efficiency either precise but computationally intense or expedient but imprecise. This paper proposes a novel, scalable, and effective approach to generate adversarial examples based on the L0 norm, aimed at refining the robustness evaluation of DNNs against such perturbations.