Hard-label based Small Query Black-box Adversarial Attack (2403.06014v1)
Abstract: We consider the hard-label based black-box adversarial attack setting, in which the attacker observes only the predicted classes of the target model. Most attack methods in this setting require an impractically large number of queries to succeed. One approach to this drawback is to exploit the adversarial transferability between white-box surrogate models and the black-box target model. However, the majority of methods adopting this approach are soft-label based, so that they can take full advantage of zeroth-order optimisation. Unlike mainstream methods, we propose a new practical setting: a hard-label based attack whose optimisation process is guided by a pretrained surrogate model. Experiments show that the proposed method significantly improves the query efficiency of hard-label based black-box attacks across various target model architectures. We find that the proposed method achieves approximately 5 times higher attack success rate than the benchmarks, especially at small query budgets such as 100 and 250.
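The abstract's key point for defenders is that exposing only the hard label is not, by itself, a query-budget defence: a surrogate-guided attacker needs on the order of 100 to 250 queries. The following added example (not code from the paper or its authors) shows the serving-side view of that setting: a wrapper over a constructed toy classifier that exposes either the hard label (argmax only) or the soft label (full probability vector), and that counts queries per client so a burst at the budgets the abstract reports can be flagged. The classifier weights, client ids and the alert threshold are constructed assumptions for illustration.

```python
"""Added example, not from the paper: hard-label vs soft-label exposure
over a toy classifier, plus per-client query accounting.  All weights,
client identifiers and thresholds are constructed assumptions."""
import math
from collections import defaultdict

# Constructed toy 3-class linear classifier over 4-dimensional inputs.
WEIGHTS = [
    [1.0, -0.5, 0.2, 0.0],
    [-0.3, 0.8, 0.1, 0.4],
    [0.2, 0.1, -0.9, 0.6],
]
BIASES = [0.0, 0.1, -0.1]


def logits(x):
    """Raw class scores of the toy model for one input vector."""
    return [sum(w_i * x_i for w_i, x_i in zip(w, x)) + b
            for w, b in zip(WEIGHTS, BIASES)]


def softmax(z):
    """Numerically stable softmax: the soft-label output."""
    m = max(z)
    exps = [math.exp(v - m) for v in z]
    total = sum(exps)
    return [e / total for e in exps]


class QueryGuardedModel:
    """Serving wrapper that decides how much of the model output to expose.

    hard_label=True  -> only the predicted class index (the abstract's setting)
    hard_label=False -> the full probability vector (soft-label setting)

    Every call is attributed to a client id; when a client reaches `budget`
    queries the id is recorded in `alerts`.  The default budget of 100 is an
    assumption chosen to match the smallest budget the abstract reports.
    """

    def __init__(self, hard_label=True, budget=100):
        self.hard_label = hard_label
        self.budget = budget
        self.counts = defaultdict(int)
        self.alerts = []

    def query(self, client_id, x):
        self.counts[client_id] += 1
        if self.counts[client_id] == self.budget:
            self.alerts.append(client_id)
        probs = softmax(logits(x))
        if self.hard_label:
            # Hard label: collapse the probability vector to its argmax.
            return max(range(len(probs)), key=probs.__getitem__)
        return probs


def run_client(n_queries, budget=100, hard_label=True):
    """Issue n_queries deterministic inputs from one constructed client and
    report (total queries seen, whether the client tripped the budget)."""
    model = QueryGuardedModel(hard_label=hard_label, budget=budget)
    client = "client-A"  # constructed identifier
    for i in range(n_queries):
        x = [math.sin(i), math.cos(i), math.sin(2 * i), math.cos(3 * i)]
        model.query(client, x)
    return model.counts[client], client in model.alerts


if __name__ == "__main__":
    hard = QueryGuardedModel(hard_label=True)
    soft = QueryGuardedModel(hard_label=False)
    print("hard label:", hard.query("demo", [1, 0, 0, 0]))
    print("soft label:", soft.query("demo", [1, 0, 0, 0]))
    print("250 queries, budget 100 ->", run_client(250))
```

The comparison of the two `query` return values makes the information gap concrete: the soft-label interface leaks the whole probability vector per query, while the hard-label interface leaks only a class index, which is why zeroth-order methods favour the former. The accounting in `run_client` is the defender-side counterpart of the abstract's finding: with a budget of 100, a client issuing 250 queries trips the alert.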