Revisiting derivative-free algorithms in the context of black-box adversarial attacks

par Clément Royer

mardi 10 mars 2026, 11:15 → 12:15 Europe/Paris

Salle K. Johnson (1R3, 1er étage)

Optimizing a function in a black-box manner, i.e. with only access to function values, is a paradigm that arises in numerous areas of computational science and engineering. In recent years, various machine learning applications, such as hyperparameter tuning or architecture search, have also been formulated as black-box optimization problems. Traditional numerical algorithms for black-box optimization, termed zeroth-order or derivative-free in different communities, typically struggle to tackle high-dimensional problems, which limits their applicability to learning settings. As a result, developing scalable variants of these algorithms tailored to learning applications has become an active area of research.

 

In this talk, I will discuss how the development of black-box adversarial attacks has become a source of applications for the derivative-free optimization community and has led to new algorithmic developments. To this end, I will first introduce adversarial examples, and the associated optimization formulations. I will then describe the main classes of derivative-free algorithms that have been applied to designing black-box adversarial attacks, and compare them to other popular schemes from machine learning and theoretical computer science. I will finally present recent results on tackling high dimensionality through both Riemannian optimization formulations and randomized subspace techniques.