Exciting news! Together with @LorenzoCazz, our tutorial Towards Adversarially Robust ML in The Age of The AI Act is accepted at ECAI 2025! Learn how to secure AI in high-risk settings & meet new EU rules. 📅 Bologna, Oct 25–30.🔗 #ECAI2025 #TrustworthyAI.

Joint collaboration with @jerome_rony @maurapintor @zangobot @ambrademontis @biggiobattista @IsmailBenAyed1 @fabiogroli.

🌟 AttackBench is open-source, allowing researchers to contribute and update the leaderboard of existing attacks. 📜 Paper: 🧑‍💻 GitHub: 🏆 Online LeaderBoard: #OpenSource #ResearchCommunity #Robustness.

5. Key Ingredients: Successful attacks often use normalization or linear approximation on the gradient, with adaptive step size schedules proving beneficial. Gradient descent is the predominant optimizer, occasionally supplemented by Adam or momentum variants.

4. Library Impact: High-ranking attacks often come from AdvLib and Foolbox. In contrast, implementations from Art, Cleverhans, and Deeprobust generally underperform. For example, APGD's optimality drops from 90.9% to 26% when implemented in Art due to a key parameter difference.

3. Efficiency vs. Optimality: Top-ranked attacks in terms of GO don’t always balance efficiency. For instance, APGD’s optimality for ImageNet is slightly better than PDPGD’s but is 3× slower.

2. No Perfect Attack: None of the tested attacks reaches 100% of global optimality (GO), suggesting that combining attacks can still enhance robustness evaluations obtained with single (non-optimal) attacks.

AttackBench reveals some fascinating trends:. 1. APGD Versatility: APGD, typically a FixedBudget attack, shows excellent results as a MinNorm attack. This suggests that combining APGD with the search strategy in Sect. IV-A can efficiently find small perturbations.

⚔️ Evaluating Defense Mechanisms: AttackBench is your go-to benchmark for identifying the most promising attacks to exploit when testing defenses. Avoid relying on buggy or suboptimal attacks and ensure fair, transparent evaluations in cybersecurity. #CyberSecurity #AttackBench.

🔄 Shared Environment: With a shared and replicable evaluation environment, AttackBench ensures consistency in assessing attack strategies, making it easier for researchers to conduct reliable evaluations.

🔍 Query Tracking: AttackBench includes query tracking to enhance evaluation transparency, allowing fair comparisons by standardizing the number of queries each attack can leverage. #AdversarialAttacks

🏆 Optimality Metric: We introduce a novel optimality metric, offering a fair and effective way to rank adversarial attacks based on the quality of the generated adversarial examples across entire security evaluation curves. #CyberSecurity #Benchmark

📊 Attack Categorization: AttackBench provides a unified framework for categorizing adversarial attacks, simplifying the comparison and understanding of different attack strategies. #AttackBench #AdversarialAttacks #AdversarialExample #AISecurity

🎯 What's new in AttackBench? It brings a unified framework for categorizing attacks, the novel optimality metric for comprehensive evaluation, and extensive testing of 102 attacks across 800 configurations. Say goodbye to biased evaluations and hello to reliable benchmarks!

🔍Current State of the Art Limitations.- Overfitting of metrics within individual studies.- Difficulty in comparing attacks with different perturbation budget.- Inconsistencies in attack implementations and results.- Need for a more comprehensive and reliable evaluation framework.

🚨 New research alert! AttackBench introduces a fair comparison benchmark for gradient-based attacks, addressing limitations in current evaluation methods. 📜Paper: 🏆LeaderBoard: #MLSecurity #AdversarialAttacks #AI #adversarial

RT @piraxtor: (1/5) Super excited that I will be presenting Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technica….

RT @maurapintor: 📢 Call for Papers: Workshop on "Human Aligned AI: Towards Algorithms that Humans Can Trust." Discuss trustworthiness in AI….

@biggiobattista @KathrinGrosse @ambrademontis @PelilloMarcello @fabiogroli Amazing joint collaboration with.@KathrinGrosse.@ambrademontis.@biggiobattista.@fabiogroli.@PelilloMarcello!.

🚀Excited to share that our paper, Machine Learning Security Against Data Poisoning: Are We There Yet? has been accepted for the #TrustworthyAI special issue in #IEEE Computer. We tackle #data #poisoning attacks and defenses, exploring their limits and future research directions