SpringerLink
Log in

POSTER: A Fine-Grained Metric for Evaluating the Performance of Adversarial Attacks and Defenses

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13907))

Included in the following conference series:

  • 456 Accesses

Abstract

Over the past decade, the development of both adversarial attack methods and defense strategies has accelerated rapidly. Classification accuracy has been predominantly used as the sole metric for assessing model performance. However, when the reported accuracy rates of two models are identical or very similar, it becomes challenging to determine which model is superior. To address this issue and offer more insights into model performance, this study introduces a novel classification performance metric: the confidence gap. This metric is defined as the difference in confidence level between the true label and either the top 1 prediction or the second-best prediction, depending on the accuracy of the image classification. The confidence level, as indicated by its sign, reflects the correctness of the classification and provides more detailed information on the robustness of the classification result. Recognizing that evaluation results may be inconsistent when employing different criteria, we recommend that future research in this field should report the confidence gap alongside accuracy rates.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples, ar**v preprint ar**v:1412.6572 (2014)

  2. Carlini, N., Wagner, D., “Towards evaluating the robustness of neural networks.” In: IEEE Symposium on Security and Privacy (SP), vol. 2017, pp. 39–57. IEEE (2017)

    Google Scholar 

  3. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. ar**v preprint ar**v:1706.06083 (2017)

  4. Croce, F., Hein, M.: Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. in International Conference on Machine Learning, pp. 2206–2216. PMLR (2020)

    Google Scholar 

  5. Papernot, N., et al.: Technical report on the cleverhans v2.1.0 adversarial examples library. ar**v preprint ar**v:1610.00768 (2018)

  6. Nicolae, M.-I., et al.: Adversarial robustness toolbox v1.2.0. CoRR, vol. 1807.01069 (2018).https://arxiv.org/pdf/1807.01069

  7. Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., Wojna, Z.: Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2818–2826 (2016)

    Google Scholar 

  8. Russakovsky, O., et al.: ImageNet large scale visual recognition challenge. Int. J. Comput. Vis. (IJCV) 115(3), 211–252 (2015)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgement

This work is partially supported by JSPS international scientific exchanges between Japan and India (Bilateral Program DTS-JSPS) (2022-2024). We thank Prof. Hideki Murahara for his helpful comments, which greatly improved the quality of this manuscript.

Author information

Authors and Affiliations

  1. Department of Information Science and Technology, Graduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan

    Haibo Zhang

  2. Faculty of Economics and Business Administration, The University of Kitakyushu, Kitakyushu, Japan

    Zhihua Yao

  3. Department of Information Science and Technology, Faculty of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan

    Kouichi Sakurai

Authors
  1. Haibo Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhihua Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kouichi Sakurai
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Haibo Zhang .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. Radboud University Nijmegen, Nijmegen, The Netherlands

    Lejla Batina

  3. Shandong University of Science and Technology, Qingdao, China

    Zengpeng Li

  4. University of Science and Technology of China, Hefei, China

    **gqiang Lin

  5. University of Padua, Padua, Italy

    Eleonora Losiouk

  6. Concordia University, Montreal, QC, Canada

    Suryadipta Majumdar

  7. Illinois at Singapore Pte Ltd., Singapore, Singapore

    Daisuke Mashima

  8. Technical University Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  9. Radboud University Nijmegen, Nijmegen, The Netherlands

    Stjepan Picek

  10. Florida International University, Miami, FL, USA

    Mohammad Ashiqur Rahman

  11. Zhejiang Gongshang University, Hangzhou, China

    Jun Shao

  12. SECOM Co., Ltd., University of Tsukuba, Tokyo / Ibaraki, Japan

    Masaki Shimaoka

  13. Royal Holloway University of London, Egham, UK

    Ezekiel Soremekun

  14. University of Aizu, Aizuwakamatsu, Fukushima, Japan

    Chunhua Su

  15. Universiti Sains Malaysia, Gelugor, Malaysia

    Je Sen Teh

  16. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Aleksei Udovenko

  17. City University of Hong Kong, Hong Kong, Hong Kong

    Cong Wang

  18. Griffith University, Southport, QLD, Australia

    Leo Zhang

  19. Delft University of Technology, Delft, The Netherlands

    Yury Zhauniarovich

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, H., Yao, Z., Sakurai, K. (2023). POSTER: A Fine-Grained Metric for Evaluating the Performance of Adversarial Attacks and Defenses. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_41

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-41181-6_41

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-41180-9

  • Online ISBN: 978-3-031-41181-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation