Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior
[article]
2022
arXiv
pre-print
Our methods can take the advantage of a transfer-based prior given by the gradient of a surrogate model and the query information simultaneously. ...
To address these problems and improve black-box attacks, we propose two prior-guided random gradient-free (PRGF) algorithms based on biased sampling and gradient averaging, respectively. ...
(GA), respectively, which can utilize a transfer-based prior for query-efficient black-box attacks. ...
arXiv:2203.06560v1
fatcat:tj5p2fvwn5a4hb57gxhxp6wepq
Learning Black-Box Attackers with Transferable Priors and Query Feedback
[article]
2020
arXiv
pre-print
By combining transferability-based and query-based black-box attack, we propose a surprisingly simple baseline approach (named SimBA++) using the surrogate model, which significantly outperforms several ...
This paper addresses the challenging black-box adversarial attack problem, where only classification confidence of a victim model is available. ...
Acknowledgments and Disclosure of Funding: This work was supported by National Science Foundation of China (U20B200011, 61976137). ...
arXiv:2010.11742v1
fatcat:jymftjqk3baxzfbgq4zxc2kxtq
QAIR: Practical Query-efficient Black-Box Attacks for Image Retrieval
[article]
2021
arXiv
pre-print
To further boost the attack efficiency, a recursive model stealing method is proposed to acquire transferable priors on the target model and generate the prior-guided gradients. ...
We study the query-based attack against image retrieval to evaluate its robustness against adversarial examples under the black-box setting, where the adversary only has query access to the top-k ranked ...
To further boost the attack efficiency, a recursive model stealing method is proposed to obtain transfer-based priors and generate prior-guided gradients. ...
arXiv:2103.02927v2
fatcat:htkz2fsnyvc2nclkmbtapaln4u
Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution
[article]
2021
arXiv
pre-print
To tackle this issue, we innovatively propose a black-box attack method by developing a novel mechanism of adversarial transferability, which is robust to the surrogate biases. ...
This work studies black-box adversarial attacks against deep neural networks (DNNs), where the attacker can only access the query feedback returned by the attacked DNN model, while other information such ...
There are generally three sub-categories of score-based black-box attacks, including transfer-based, query-based and query-and-transfer-based attacks. 1) Transfer-based methods attempt to generate adversarial ...
arXiv:2006.08538v4
fatcat:pila4sc75few3picgf44csm46m
Adaptive Temporal Grouping for Black-box Adversarial Attacks on Videos
2022
Proceedings of the 2022 International Conference on Multimedia Retrieval
To this end, we propose to boost the efficiency of black-box attacks on video recognition models. ...
However, these black-box attack methods are insufficient to attack videos models in real-world applications due to the requirement of lots of queries. ...
black box attack algorithm starts from a large adversarial perturbation. ...
doi:10.1145/3512527.3531411
fatcat:t4pywjez2rhvppfdou2f2dezby
Attack as the Best Defense: Nullifying Image-to-image Translation GANs via Limit-aware Adversarial Attack
[article]
2021
arXiv
pre-print
LaS-GSA follows the Nullifying Attack to cancel the img2img translation process under a black-box setting. ...
Such misuses of img2img techniques present a challenging problem for society. In this work, we tackle the problem by introducing the Limit-Aware Self-Guiding Gradient Sliding Attack (LaS-GSA). ...
(red: the self-guiding prior; black: the transfer-based prior.)
Figure 7: Examples of typical responses when perturbing a single pixel in the input of model BLACK2BLOND. ...
arXiv:2110.02516v1
fatcat:aqem7c4vx5dndafm7byxwub22i
Improving Black-box Adversarial Attacks with a Transfer-based Prior
[article]
2020
arXiv
pre-print
To address these problems, we propose a prior-guided random gradient-free (P-RGF) method to improve black-box adversarial attacks, which takes the advantage of a transfer-based prior and the query information ...
Previous methods tried to approximate the gradient either by using a transfer gradient of a surrogate white-box model, or based on the query feedback. ...
To address the aforementioned problems and improve black-box attacks, we propose a prior-guided random gradient-free (P-RGF) method to utilize the transfer-based prior for query-efficient black-box attacks ...
arXiv:1906.06919v3
fatcat:ps23tpuyf5alfo73zcna5hm6ui
On the amplification of security and privacy risks by post-hoc explanations in machine learning models
[article]
2022
arXiv
pre-print
First, we propose novel explanation-guided black-box evasion attacks that lead to 10 times reduction in query count for the same success rate. ...
Finally, we study explanation-guided model extraction attacks and demonstrate adversarial gains through a large reduction in query count. ...
However, the cumulative costs associated with a large number of queries can render a query-inefficient black-box attack impractical [9]. ...
arXiv:2206.14004v1
fatcat:rc6rpxe66vdmhctkjzmlokmk7m
Boosting Black-Box Adversarial Attacks with Meta Learning
[article]
2022
arXiv
pre-print
In this paper, we propose a hybrid attack method which trains meta adversarial perturbations (MAPs) on surrogate models and performs black-box attacks by estimating gradients of the models. ...
However, it has been demonstrated that DNNs are very vulnerable to adversarial examples even in black-box settings. A large number of black-box attack methods have been proposed in the literature. ...
• Transfer-based methods: Transfer-based methods perform black-box attacks based on the transferability of the adversarial examples. ...
arXiv:2203.14607v1
fatcat:agtdfzkqwjf6doobphv5hkzdua
Black-Box Adversarial Attack with Transferable Model-based Embedding
[article]
2020
arXiv
pre-print
We present a new method for black-box adversarial attack. ...
We show that this approach can greatly improve the query efficiency of black-box adversarial attack across different target network architectures. ...
In this paper, we push the idea of using a pretrained white-box source network to guide black-box attack significantly further, by proposing a method called TRansferable EMbedding based Black-box Attack ...
arXiv:1911.07140v2
fatcat:nytxdb62r5alzhcctv6kicw5ky
Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks
[article]
2021
arXiv
pre-print
In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019. ...
Overall, our paper surveys a wide body of literature to highlight recent attack developments and organizes them into four attack categories: score based attacks, decision based attacks, transfer attacks ...
In [13] they propose combining the query and transfer based attacks to create a more query efficient attack which they call the prior-guided random gradient-free method (P-RGF). ...
arXiv:2109.15031v1
fatcat:a7ifv5wcrng3pbxqneo7wqmcei
Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks
[article]
2022
arXiv
pre-print
We propose Blacklight, a new defense against query-based black-box adversarial attacks. ...
Blacklight detects query-based black-box attacks by detecting highly similar queries, using an efficient similarity engine operating on probabilistic content fingerprints. ...
Query-Based Black-Box Attacks. A more common and effective attack is query-based black-box attacks. ...
arXiv:2006.14042v3
fatcat:qy6fj3k3ejbxhotqizzwz4v7lq
Projection Probability-Driven Black-Box Attack
[article]
2020
arXiv
pre-print
Generating adversarial examples in a black-box setting retains a significant challenge with vast practical application prospects. ...
In this paper, we propose Projection Probability-driven Black-box Attack (PPBA) to tackle this problem by reducing the solution space and providing better optimization. ...
This work is supported by the Nature Sci- ...
arXiv:2005.03837v1
fatcat:zbvsrpb75zakzprqwpn5byqapa
Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks
2021
IEEE Access
In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019. ...
Overall, our paper surveys a wide body of literature to highlight recent attack developments and organizes them into four attack categories: score based attacks, decision based attacks, transfer attacks ...
QEBA: QUERY-EFFICIENT BOUNDARY-BASED BLACKBOX ATTACK Black-box attacks can be query-free or query-based. ...
doi:10.1109/access.2021.3138338
fatcat:r3m2dpcferdh7ivqn77nqdq3fe
Projection & Probability-Driven Black-Box Attack
2020
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
Generating adversarial examples in a black-box setting retains a significant challenge with vast practical application prospects. ...
In this paper, we propose Projection & Probability-driven Black-box Attack (PPBA) to tackle this problem by reducing the solution space and providing better optimization. ...
There are two types of black-box attack methods, i.e., transfer-based attacks and query-based attacks: Transfer-Based Attacks. ...
doi:10.1109/cvpr42600.2020.00044
dblp:conf/cvpr/LiJ0LZDT20
fatcat:tuccmwioarbg5forqiyr7bzm7i