Cancela, BraisBolón-Canedo, VerónicaAlonso-Betanzos, Amparo2024-11-202024-11-202021B. Cancela, V. Bolón-Canedo and A. Alonso-Betanzos, "A delayed Elastic-Net approach for performing adversarial attacks," 2020 25th International Conference on Pattern Recognition (ICPR), Milan, Italy, 2021, pp. 378-384, doi: 10.1109/ICPR48806.2021.9413170.http://hdl.handle.net/2183/40205Presented at: 5th International Conference on Pattern Recognition, ICPR 2020, Virtual, Milan, 10-15 January 2021This version of the paper has been accepted for publication. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The final published paper is available online at: https://doi.org/10.1109/ICPR48806.2021.9413170[Abstract]: With the rise of the so-called Adversarial Attacks, there is an increased concern on model security. In this paper we present two different contributions: novel measures of robustness (based on adversarial attacks) and a novel adversarial attack. The key idea behind these metrics is to obtain a measure that could compare different architectures, with independence of how the input is preprocessed (robustness against different input sizes and value ranges). To do so, a novel adversarial attack is presented, performing a delayed elastic-net adversarial attack (constraints are only used whenever a successful adversarial attack is obtained). Experimental results show that our approach obtains state-of-the-art adversarial samples, in terms of minimal perturbation distance. Finally, a benchmark of ImageNet pretrained models is used to conduct experiments aiming to shed some light about which model should be selected whenever security is a role factor.eng© 2021, IEEEPerturbation methodsData preprocessingBenchmark testingSize measurementRobustnessPattern recognitionSecurityconference outputopen access10.1109/ICPR48806.2021.9413170