Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial Attacks

12/24/2018
by Thomas Brunner, et al.

We consider adversarial examples in the black-box decision-based scenario. Here, an attacker has access to the final classification of a model, but not its parameters or softmax outputs. Most attacks for this scenario are based either on transferability, which is unreliable, or random sampling, which is extremely slow. Focusing on the latter, we propose to improve sampling-based attacks with prior beliefs about the target domain. We identify two such priors, image frequency and surrogate gradients, and discuss how to integrate them into a unified sampling procedure. We then formulate the Biased Boundary Attack, which achieves a drastic speedup over the original Boundary Attack. Finally, we demonstrate that our approach outperforms most state-of-the-art attacks in a query-limited scenario and is especially effective at breaking strong defenses: Our submission scored second place in the targeted attack track of the NeurIPS 2018 Adversarial Vision Challenge.

