Evaluation of Neural Networks Defenses and Attacks using NDCG and Reciprocal Rank Metrics. (arXiv:2201.05071v1 [cs.CR])

The problem of attacks on neural networks through input modification (i.e.,
adversarial examples) has attracted much attention recently. Being relatively
easy to generate and hard to detect, these attacks pose a security breach that
many suggested defenses try to mitigate. However, the evaluation of the effect
of attacks and defenses commonly relies on traditional classification metrics,
without adequate adaptation to adversarial scenarios. Most of these metrics are
accuracy-based, and therefore may have a limited scope and low distinctive
power. Other …

arxiv attacks metrics networks neural networks