Minimizing Maximum Model Discrepancy for Transferable Black-box Targeted Attacks

12/18/2022
by Anqi Zhao, et al.

In this work, we study the black-box targeted attack problem from the model discrepancy perspective. On the theoretical side, we present a generalization error bound for black-box targeted attacks, which gives a rigorous theoretical analysis for guaranteeing the success of the attack. We reveal that the attack error on a target model mainly depends on the empirical attack error on the substitute model and the maximum model discrepancy among substitute models. On the algorithmic side, we derive a new algorithm for black-box targeted attacks based on our theoretical analysis, in which we additionally minimize the maximum model discrepancy (M3D) of the substitute models when training the generator to generate adversarial examples. In this way, our model is capable of crafting highly transferable adversarial examples that are robust to model variation, thus improving the success rate for attacking the black-box model. We conduct extensive experiments on the ImageNet dataset with different classification models, and our proposed approach outperforms existing state-of-the-art methods by a significant margin. Our code will be released.
