RDI: An adversarial robustness evaluation metric for deep neural networks based on model statistical features

Published: 07 May 2025, Last Modified: 13 Jun 2025, UAI 2025 Poster, CC BY 4.0
Keywords: Robustness evaluation; Deep neural networks; Decision boundary; Adversarial attack; Artificial intelligence security
TL;DR: We propose the Robustness Difference Index (RDI), a novel, attack-independent metric for evaluating adversarial robustness in deep neural networks, offering high computational efficiency and strong correlation with Attack Success Rate (ASR).
Abstract: Deep neural networks (DNNs) are highly susceptible to adversarial samples, raising concerns about their reliability in safety-critical tasks. Currently, methods of evaluating adversarial robustness are primarily categorized into attack-based and certified robustness evaluation approaches. The former not only relies on specific attack algorithms but is also highly time-consuming, while the latter, due to its analytical nature, is typically difficult to implement for large and complex models. A few studies evaluate model robustness based on the model's decision boundary, but they suffer from low evaluation accuracy. To address these issues, we propose a novel adversarial robustness evaluation metric, the Robustness Difference Index (RDI), which is based on model statistical features. RDI draws inspiration from clustering evaluation by analyzing the intra-class and inter-class distances of feature vectors separated by the decision boundary to quantify model robustness. It is attack-independent and has high computational efficiency. Experiments show that RDI demonstrates a stronger correlation with the gold-standard adversarial robustness metric of attack success rate (ASR). The average computation time of RDI is only 1/30 of that of the evaluation method based on the PGD attack. Our open-source code is available at: https://github.com/BUPTAIOC/RDI.
Code Link: https://github.com/BUPTAIOC/RDI
Readers: auai.org/UAI/2025/Conference, auai.org/UAI/2025/Conference/Area_Chairs, auai.org/UAI/2025/Conference/Reviewers, auai.org/UAI/2025/Conference/Submission289/Authors, auai.org/UAI/2025/Conference/Submission289/Reproducibility_Reviewers
Submission Number: 289