Energy Attack: On Transferring Adversarial Examples

09/09/2021
by   Ruoxi Shi, et al.
0

In this work we propose Energy Attack, a transfer-based black-box L_∞-adversarial attack. The attack is parameter-free and does not require gradient approximation. In particular, we first obtain white-box adversarial perturbations of a surrogate model and divide these perturbations into small patches. Then we extract the unit component vectors and eigenvalues of these patches with principal component analysis (PCA). Base on the eigenvalues, we can model the energy distribution of adversarial perturbations. We then perform black-box attacks by sampling from the perturbation patches according to their energy distribution, and tiling the sampled patches to form a full-size adversarial perturbation. This can be done without the available access to victim models. Extensive experiments well demonstrate that the proposed Energy Attack achieves state-of-the-art performance in black-box attacks on various models and several datasets. Moreover, the extracted distribution is able to transfer among different model architectures and different datasets, and is therefore intrinsic to vision architectures.

READ FULL TEXT
research
06/15/2020

Efficient Black-Box Adversarial Attack Guided by the Distribution of Adversarial Perturbations

This work studied the score-based black-box adversarial attack problem, ...
research
07/12/2021

EvoBA: An Evolution Strategy as a Strong Baseline forBlack-Box Adversarial Attacks

Recent work has shown how easily white-box adversarial attacks can be ap...
research
02/24/2020

A Model-Based Derivative-Free Approach to Black-Box Adversarial Examples: BOBYQA

We demonstrate that model-based derivative free optimisation algorithms ...
research
12/10/2021

Learning to Learn Transferable Attack

Transfer adversarial attack is a non-trivial black-box adversarial attac...
research
05/28/2019

Cross-Domain Transferability of Adversarial Perturbations

Adversarial examples reveal the blind spots of deep neural networks (DNN...
research
06/19/2023

Eigenpatches – Adversarial Patches from Principal Components

Adversarial patches are still a simple yet powerful white box attack tha...
research
06/08/2022

Autoregressive Perturbations for Data Poisoning

The prevalence of data scraping from social media as a means to obtain d...

Please sign up or login with your details

Forgot password? Click here to reset