An Evolutionary, Gradient-Free, Query-Efficient, Black-Box Algorithm for Generating Adversarial Instances in Deep Networks

08/17/2022
by   Raz Lapid, et al.
17

Deep neural networks (DNNs) are sensitive to adversarial data in a variety of scenarios, including the black-box scenario, where the attacker is only allowed to query the trained model and receive an output. Existing black-box methods for creating adversarial instances are costly, often using gradient estimation or training a replacement network. This paper introduces Query-Efficient Evolutionary Attack, QuEry Attack, an untargeted, score-based, black-box attack. QuEry Attack is based on a novel objective function that can be used in gradient-free optimization problems. The attack only requires access to the output logits of the classifier and is thus not affected by gradient masking. No additional information is needed, rendering our method more suitable to real-life situations. We test its performance with three different state-of-the-art models – Inception-v3, ResNet-50, and VGG-16-BN – against three benchmark datasets: MNIST, CIFAR10 and ImageNet. Furthermore, we evaluate QuEry Attack's performance on non-differential transformation defenses and state-of-the-art robust models. Our results demonstrate the superior performance of QuEry Attack, both in terms of accuracy score and query efficiency.

READ FULL TEXT

page 2

page 7

page 9

research
05/28/2018

GenAttack: Practical Black-box Attacks with Gradient-Free Optimization

Deep neural networks (DNNs) are vulnerable to adversarial examples, even...
research
06/08/2023

A Melting Pot of Evolution and Learning

We survey eight recent works by our group, involving the successful blen...
research
06/06/2019

Query-efficient Meta Attack to Deep Neural Networks

Recently, several adversarial attack methods to black-box deep neural ne...
research
11/29/2019

Square Attack: a query-efficient black-box adversarial attack via random search

We propose the Square Attack, a new score-based black-box l_2 and l_∞ ad...
research
11/27/2022

Foiling Explanations in Deep Neural Networks

Deep neural networks (DNNs) have greatly impacted numerous fields over t...
research
06/04/2021

DOCTOR: A Simple Method for Detecting Misclassification Errors

Deep neural networks (DNNs) have shown to perform very well on large sca...
research
10/12/2018

Facility Locations Utility for Uncovering Classifier Overconfidence

Assessing the predictive accuracy of black box classifiers is challengin...

Please sign up or login with your details

Forgot password? Click here to reset