
GeoDA: a geometric framework for black-box adversarial attacks [article]

Ali Rahmati, Seyed-Mohsen Moosavi-Dezfooli, Pascal Frossard, and Huaiyu Dai
2020 arXiv   pre-print
We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning  ...  Finally, experimental results confirm that our principled black-box attack algorithm performs better than state-of-the-art algorithms as it generates smaller perturbations with a reduced number of queries  ...  M. is supported by a Google Postdoctoral Fellowship.  ... 
arXiv:2003.06468v1 fatcat:ift7zpjhjbgitobhbvctx3ms2m

GeoDA: A Geometric Framework for Black-Box Adversarial Attacks

Ali Rahmati, Seyed-Mohsen Moosavi-Dezfooli, Pascal Frossard, Huaiyu Dai
2020 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)  
We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning  ...  Finally, experimental results confirm that our principled black-box attack algorithm performs better than state-of-the-art algorithms as it generates smaller perturbations with a reduced number of queries  ...  M. is supported by a Google Postdoctoral Fellowship.  ... 
doi:10.1109/cvpr42600.2020.00847 dblp:conf/cvpr/RahmatiMFD20 fatcat:ab6gcvvhsvd53jtboqjosppjxy

On the Effectiveness of Small Input Noise for Defending Against Query-based Black-Box Attacks [article]

Junyoung Byun, Hyojun Go, Changick Kim
2021 arXiv   pre-print
Many studies have shown that attacks are also possible even in a black-box setting where an adversary cannot access the target model's internal information.  ...  Most black-box attacks are based on queries, each of which obtains the target model's output for an input, and many recent studies focus on reducing the number of required queries.  ...  In a black-box threat model, an adversary has a clean image x_0 whose class index is c_0 and wants to generate an adversarial example x = x_0 + δ to fool a target model f.  ... 
arXiv:2101.04829v2 fatcat:s6qkng7cfzde7pmqi3u7xzkove

Triangle Attack: A Query-efficient Decision-based Adversarial Attack [article]

Xiaosen Wang, Zeliang Zhang, Kangheng Tong, Dihong Gong, Kun He, Zhifeng Li, Wei Liu
2022 arXiv   pre-print
Decision-based attack poses a severe threat to real-world applications since it regards the target model as a black box and only accesses the hard prediction label.  ...  In this work, we find that a benign sample, the current and the next adversarial examples can naturally construct a triangle in a subspace for any iterative attacks.  ...  Among the black-box attacks, decision-based attack is more challenging and practical due to the minimum information requirement for attack.  ... 
arXiv:2112.06569v3 fatcat:vtxkg3tt3bgrve4m6biql5caye

Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks [article]

Kaleel Mahmood, Rigel Mahmood, Ethan Rathbun, Marten van Dijk
2021 arXiv   pre-print
Our survey summarizes and categorizes 20 recent black-box attacks. We also present a new analysis for understanding the attack success rate with respect to the adversarial model used in each paper.  ...  In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019.  ...  Geometric Decision-based Attacks Geometric decision-based attacks (GeoDA) are a subset of decision based black box attacks proposed in [47] that can achieve high attack success rates while requiring  ... 
arXiv:2109.15031v1 fatcat:a7ifv5wcrng3pbxqneo7wqmcei

Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks

Kaleel Mahmood, Rigel Mahmood, Ethan Rathbun, Marten Van Dijk
2021 IEEE Access  
Our survey summarizes and categorizes 20 recent black-box attacks. We also present a new analysis for understanding the attack success rate with respect to the adversarial model used in each paper.  ...  INDEX TERMS Adversarial machine learning, adversarial examples, adversarial defense, black-box attack, security, deep learning.  ...  BLACK-BOX ATTACK CATEGORIZATION We can divide black-box attacks according to the general adversarial model that is assumed for the attack.  ... 
doi:10.1109/access.2021.3138338 fatcat:r3m2dpcferdh7ivqn77nqdq3fe

Transferable Sparse Adversarial Attack [article]

Ziwen He, Wei Wang, Jing Dong, Tieniu Tan
2021 arXiv   pre-print
Despite a high attack success rate, prior sparse attack methods achieve a low transferability under the black-box protocol due to overfitting the target model.  ...  Deep neural networks have shown their vulnerability to adversarial attacks.  ...  Recently, Sparse-RS [6] proposes a framework based on random search for score-based sparse attacks in the black-box setting.  ... 
arXiv:2105.14727v1 fatcat:c7stz7hhvnb63ak4z3rg6acbr4

Finding Optimal Tangent Points for Reducing Distortions of Hard-label Attacks [article]

Chen Ma, Xiangyu Guo, Li Chen, Jun-Hai Yong, Yisen Wang
2022 arXiv   pre-print
One major problem in black-box adversarial attacks is the high query complexity in the hard-label attack setting, where only the top-1 predicted label is available.  ...  In this paper, we propose a novel geometric-based approach called Tangent Attack (TA), which identifies an optimal tangent point of a virtual hemisphere located on the decision boundary to reduce the distortion  ...  Conclusion In this paper, we propose a new geometric-based method for query-efficient hard-label black-box attacks.  ... 
arXiv:2111.07492v5 fatcat:n27o3e2gbrgsfkxvjdh6vrzjjm