Robustness evaluation of image classification models based on edge features: Tight and Non-Tight boundaries

State-of-the-art deep neural networks (DNNs) are susceptible to adversarial images, posing a significant threat to safety-critical tasks. The white-box attack is an effective method for testing the robustness of models. Compared to modifying the entire image, perturbing specific image features that impact model decisions while remaining imperceptible to human eyes is more threatening. Besides, more informative and accurate evaluation metrics are needed for robustness assessment. Therefore, this paper initially proposes a set of metrics to demonstrate the significance of edge features in image classification models and validate it across 3 different datasets. Drawing inspiration from the minimum perturbation distance and boundary thickness, we propose Non-Tight boundary width and Tight boundary width as robustness evaluation metrics based on statistical analysis. Finally, a method called E-IFGSM is proposed to generate robustness testing examples on both sides of the decision boundary against the edge feature. To validate the proposed robustness evaluating approach, extensive experiments are conducted on 14 CIFAR10 models with varying structures and training stages, obtaining interesting conclusions regarding the robustness of models. Additionally, the robustness evaluation method is versatile and also extended to the Deepfool method to evaluate the robustness of models from the perspective of entire images.