Abstract
Adversarial attack reveals the vulnerability of deep learning models. Forabout a decade, countless attack and defense methods have been proposed,leading to robustified classifiers and better understanding of models. Amongthese methods, curvature-based approaches have attracted attention because itis assumed that high curvature may give rise to rough decision boundary.However, the most commonly used \textit{curvature} is the curvature of lossfunction, scores or other parameters from within the model as opposed todecision boundary curvature, since the former can be relatively easily formedusing second order derivative. In this paper, we propose a new query-efficientmethod, dynamic curvature estimation(DCE), to estimate the decision boundarycurvature in a black-box setting. Our approach is based on CGBA, a black-boxadversarial attack. By performing DCE on a wide range of classifiers, wediscovered, statistically, a connection between decision boundary curvature andadversarial robustness. We also propose a new attack method, curvature dynamicblack-box attack(CDBA) with improved performance using the dynamicallyestimated curvature.