GeoDA: a geometric framework for black-box adversarial attacks
[article]
2020
arXiv
pre-print
We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning ...
Finally, experimental results confirm that our principled black-box attack algorithm performs better than state-of-the-art algorithms as it generates smaller perturbations with a reduced number of queries ...
M. is supported by a Google Postdoctoral Fellowship. ...
arXiv:2003.06468v1
fatcat:ift7zpjhjbgitobhbvctx3ms2m
GeoDA: A Geometric Framework for Black-Box Adversarial Attacks
2020
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning ...
Finally, experimental results confirm that our principled black-box attack algorithm performs better than state-of-the-art algorithms as it generates smaller perturbations with a reduced number of queries ...
M. is supported by a Google Postdoctoral Fellowship. ...
doi:10.1109/cvpr42600.2020.00847
dblp:conf/cvpr/RahmatiMFD20
fatcat:ab6gcvvhsvd53jtboqjosppjxy
On the Effectiveness of Small Input Noise for Defending Against Query-based Black-Box Attacks
[article]
2021
arXiv
pre-print
Many studies have shown that attacks are also possible even in a black-box setting where an adversary cannot access the target model's internal information. ...
Most black-box attacks are based on queries, each of which obtains the target model's output for an input, and many recent studies focus on reducing the number of required queries. ...
In a black-box threat model, an adversary has a clean image x_0 whose class index is c_0 and wants to generate an adversarial example x = x_0 + δ to fool a target model f. ...
arXiv:2101.04829v2
fatcat:s6qkng7cfzde7pmqi3u7xzkove
Triangle Attack: A Query-efficient Decision-based Adversarial Attack
[article]
2022
arXiv
pre-print
Decision-based attack poses a severe threat to real-world applications since it regards the target model as a black box and only accesses the hard prediction label. ...
In this work, we find that a benign sample, the current and the next adversarial examples can naturally construct a triangle in a subspace for any iterative attacks. ...
Among the black-box attacks, decision-based attack is more challenging and practical due to the minimum information requirement for attack. ...
arXiv:2112.06569v3
fatcat:vtxkg3tt3bgrve4m6biql5caye
Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks
[article]
2021
arXiv
pre-print
Our survey summarizes and categorizes 20 recent black-box attacks. We also present a new analysis for understanding the attack success rate with respect to the adversarial model used in each paper. ...
In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019. ...
Geometric Decision-based Attacks: Geometric decision-based attacks (GeoDA) are a subset of decision based black box attacks proposed in [47] that can achieve high attack success rates while requiring ...
arXiv:2109.15031v1
fatcat:a7ifv5wcrng3pbxqneo7wqmcei
Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks
2021
IEEE Access
Our survey summarizes and categorizes 20 recent black-box attacks. We also present a new analysis for understanding the attack success rate with respect to the adversarial model used in each paper. ...
INDEX TERMS: Adversarial machine learning, adversarial examples, adversarial defense, black-box attack, security, deep learning. ...
BLACK-BOX ATTACK CATEGORIZATION: We can divide black-box attacks according to the general adversarial model that is assumed for the attack. ...
doi:10.1109/access.2021.3138338
fatcat:r3m2dpcferdh7ivqn77nqdq3fe
Transferable Sparse Adversarial Attack
[article]
2021
arXiv
pre-print
Despite a high attack success rate, prior sparse attack methods achieve a low transferability under the black-box protocol due to overfitting the target model. ...
Deep neural networks have shown their vulnerability to adversarial attacks. ...
Recently, Sparse-RS [6] proposes a framework based on random search for score-based sparse attacks in the black-box setting. ...
arXiv:2105.14727v1
fatcat:c7stz7hhvnb63ak4z3rg6acbr4
Finding Optimal Tangent Points for Reducing Distortions of Hard-label Attacks
[article]
2022
arXiv
pre-print
One major problem in black-box adversarial attacks is the high query complexity in the hard-label attack setting, where only the top-1 predicted label is available. ...
In this paper, we propose a novel geometric-based approach called Tangent Attack (TA), which identifies an optimal tangent point of a virtual hemisphere located on the decision boundary to reduce the distortion ...
Conclusion: In this paper, we propose a new geometric-based method for query-efficient hard-label black-box attacks. ...
arXiv:2111.07492v5
fatcat:n27o3e2gbrgsfkxvjdh6vrzjjm