Frank-Wolfe Variants for Adversarial Attacks. Final Project for Optimization for Data Science Course, UniPD
Author: Marco Uderzo
The goal of this project is to compare the behaviour and performance of two Zeroth-Order variants of the Frank-Wolfe Algorithm, aimed at solving constrained optimization problems with a better iteration complexity, expecially with respect to oracle queries.
We take into consideration: Faster Zeroth-Order Conditional Gradient Sliding (FZCGS) (Gao et al., 2020) and Stochastic Gradient Free Frank Wolfe (SGFFW) (Sahu et al., 2019). The latter algorithm branches off into three slightly different ones, depending on the Stochastic Approximation Technique used, namely: classical Kiefer-Wolfowitz Stochastic Approximation (KWSA) (Kiefer and Wolfowitz, 1952), Random Directions Stochastic Approximation (RDSA) (Nesterov and Spokoiny, 2011; Duchi et al., 2015), and an Improvised RDSA (IRDSA).
The theory behind these algorithms is presented, with an emphasis on proving that the performance are guaranteed. Then, the aforementioned algorithms are tested on a black-box adversarial attack on the MNIST dataset.
- IBM/ZOSVRG-BlackBox-Adv : base repository used in the Gao et al. paper, which is used as a framework to implement the optimization algorithms and test them on MNIST Adversarial Attacks.
- carlini/nn_robust_attacks : repository used by the IBM repo as a base for the Adversarial Attacks framework.