This report presents the winning solution for Task 1 of Colliding with Adversaries: A Challenge on Robust Learning in High Energy Physics Discovery at ECML-PKDD 2025. The task required designing an adversarial attack against a provided classification model that maximizes misclassification while minimizing perturbations. Our approach employs a multi-round gradient-based strategy that leverages the differentiable structure of the model, augmented with random initialization and sample-mixing techniques to enhance effectiveness. The resulting attack achieved the best results in perturbation size and fooling success rate, securing first place in the competition.