
Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior [article]

Yinpeng Dong, Shuyu Cheng, Tianyu Pang, Hang Su, Jun Zhu
2022 arXiv   pre-print
Our methods can take advantage of a transfer-based prior given by the gradient of a surrogate model and the query information simultaneously.  ...  To address these problems and improve black-box attacks, we propose two prior-guided random gradient-free (PRGF) algorithms based on biased sampling and gradient averaging, respectively.  ...  (GA), respectively, which can utilize a transfer-based prior for query-efficient black-box attacks.  ... 
arXiv:2203.06560v1 fatcat:tj5p2fvwn5a4hb57gxhxp6wepq

Learning Black-Box Attackers with Transferable Priors and Query Feedback [article]

Jiancheng Yang, Yangzhou Jiang, Xiaoyang Huang, Bingbing Ni, Chenglong Zhao
2020 arXiv   pre-print
By combining transferability-based and query-based black-box attack, we propose a surprisingly simple baseline approach (named SimBA++) using the surrogate model, which significantly outperforms several  ...  This paper addresses the challenging black-box adversarial attack problem, where only classification confidence of a victim model is available.  ...  Acknowledgments and Disclosure of Funding This work was supported by National Science Foundation of China (U20B200011, 61976137).  ... 
arXiv:2010.11742v1 fatcat:jymftjqk3baxzfbgq4zxc2kxtq

QAIR: Practical Query-efficient Black-Box Attacks for Image Retrieval [article]

Xiaodan Li, Jinfeng Li, Yuefeng Chen, Shaokai Ye, Yuan He, Shuhui Wang, Hang Su, Hui Xue
2021 arXiv   pre-print
To further boost the attack efficiency, a recursive model stealing method is proposed to acquire transferable priors on the target model and generate the prior-guided gradients.  ...  We study the query-based attack against image retrieval to evaluate its robustness against adversarial examples under the black-box setting, where the adversary only has query access to the top-k ranked  ...  To further boost the attack efficiency, a recursive model stealing method is proposed to obtain transfer-based priors and generate prior-guided gradients.  ... 
arXiv:2103.02927v2 fatcat:htkz2fsnyvc2nclkmbtapaln4u

Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution [article]

Yan Feng, Baoyuan Wu, Yanbo Fan, Li Liu, Zhifeng Li, Shutao Xia
2021 arXiv   pre-print
To tackle this issue, we innovatively propose a black-box attack method by developing a novel mechanism of adversarial transferability, which is robust to the surrogate biases.  ...  This work studies black-box adversarial attacks against deep neural networks (DNNs), where the attacker can only access the query feedback returned by the attacked DNN model, while other information such  ...  There are generally three sub-categories of score-based black-box attacks, including transfer-based, query-based and query-and-transfer-based attacks. 1) Transfer-based methods attempt to generate adversarial  ... 
arXiv:2006.08538v4 fatcat:pila4sc75few3picgf44csm46m

Adaptive Temporal Grouping for Black-box Adversarial Attacks on Videos

Zhipeng Wei, Jingjing Chen, Hao Zhang, Linxi Jiang, Yu-Gang Jiang
2022 Proceedings of the 2022 International Conference on Multimedia Retrieval  
To this end, we propose to boost the efficiency of black-box attacks on video recognition models.  ...  However, these black-box attack methods are insufficient to attack video models in real-world applications due to the requirement of lots of queries.  ...  black box attack algorithm starts from a large adversarial perturbation.  ... 
doi:10.1145/3512527.3531411 fatcat:t4pywjez2rhvppfdou2f2dezby

Attack as the Best Defense: Nullifying Image-to-image Translation GANs via Limit-aware Adversarial Attack [article]

Chin-Yuan Yeh, Hsi-Wen Chen, Hong-Han Shuai, De-Nian Yang, Ming-Syan Chen
2021 arXiv   pre-print
LaS-GSA follows the Nullifying Attack to cancel the img2img translation process under a black-box setting.  ...  Such misuses of img2img techniques present a challenging problem for society. In this work, we tackle the problem by introducing the Limit-Aware Self-Guiding Gradient Sliding Attack (LaS-GSA).  ...  (red: the self-guiding prior; black: the transfer-based prior.) Figure 7: Examples of typical responses when perturbing a single pixel in the input of model BLACK2BLOND.  ... 
arXiv:2110.02516v1 fatcat:aqem7c4vx5dndafm7byxwub22i

Improving Black-box Adversarial Attacks with a Transfer-based Prior [article]

Shuyu Cheng, Yinpeng Dong, Tianyu Pang, Hang Su, Jun Zhu
2020 arXiv   pre-print
To address these problems, we propose a prior-guided random gradient-free (P-RGF) method to improve black-box adversarial attacks, which takes advantage of a transfer-based prior and the query information  ...  Previous methods tried to approximate the gradient either by using a transfer gradient of a surrogate white-box model, or based on the query feedback.  ...  To address the aforementioned problems and improve black-box attacks, we propose a prior-guided random gradient-free (P-RGF) method to utilize the transfer-based prior for query-efficient black-box attacks  ... 
arXiv:1906.06919v3 fatcat:ps23tpuyf5alfo73zcna5hm6ui

On the amplification of security and privacy risks by post-hoc explanations in machine learning models [article]

Pengrui Quan, Supriyo Chakraborty, Jeya Vikranth Jeyakumar, Mani Srivastava
2022 arXiv   pre-print
First, we propose novel explanation-guided black-box evasion attacks that lead to 10 times reduction in query count for the same success rate.  ...  Finally, we study explanation-guided model extraction attacks and demonstrate adversarial gains through a large reduction in query count.  ...  However, the cumulative costs associated with a large number of queries can render a query-inefficient black-box attack impractical [9].  ... 
arXiv:2206.14004v1 fatcat:rc6rpxe66vdmhctkjzmlokmk7m

Boosting Black-Box Adversarial Attacks with Meta Learning [article]

Junjie Fu
2022 arXiv   pre-print
In this paper, we propose a hybrid attack method which trains meta adversarial perturbations (MAPs) on surrogate models and performs black-box attacks by estimating gradients of the models.  ...  However, it has been demonstrated that DNNs are very vulnerable to adversarial examples even in black-box settings. A large number of black-box attack methods have been proposed in the literature.  ...  • Transfer-based methods: Transfer-based methods perform black-box attacks based on the transferability of the adversarial examples.  ... 
arXiv:2203.14607v1 fatcat:agtdfzkqwjf6doobphv5hkzdua

Black-Box Adversarial Attack with Transferable Model-based Embedding [article]

Zhichao Huang, Tong Zhang
2020 arXiv   pre-print
We present a new method for black-box adversarial attack.  ...  We show that this approach can greatly improve the query efficiency of black-box adversarial attack across different target network architectures.  ...  In this paper, we push the idea of using a pretrained white-box source network to guide black-box attack significantly further, by proposing a method called TRansferable EMbedding based Black-box Attack  ... 
arXiv:1911.07140v2 fatcat:nytxdb62r5alzhcctv6kicw5ky

Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks [article]

Kaleel Mahmood, Rigel Mahmood, Ethan Rathbun, Marten van Dijk
2021 arXiv   pre-print
In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019.  ...  Overall, our paper surveys a wide body of literature to highlight recent attack developments and organizes them into four attack categories: score based attacks, decision based attacks, transfer attacks  ...  In [13] they propose combining the query and transfer based attacks to create a more query efficient attack which they call the prior-guided random gradient-free method (P-RGF).  ... 
arXiv:2109.15031v1 fatcat:a7ifv5wcrng3pbxqneo7wqmcei

Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks [article]

Huiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Haitao Zheng, Ben Y. Zhao
2022 arXiv   pre-print
We propose Blacklight, a new defense against query-based black-box adversarial attacks.  ...  Blacklight detects query-based black-box attacks by detecting highly similar queries, using an efficient similarity engine operating on probabilistic content fingerprints.  ...  Query-Based Black-Box Attacks. A more common and effective attack is query-based black-box attacks.  ... 
arXiv:2006.14042v3 fatcat:qy6fj3k3ejbxhotqizzwz4v7lq

Projection Probability-Driven Black-Box Attack [article]

Jie Li, Rongrong Ji, Hong Liu, Jianzhuang Liu, Bineng Zhong, Cheng Deng, Qi Tian
2020 arXiv   pre-print
Generating adversarial examples in a black-box setting remains a significant challenge with vast practical application prospects.  ...  In this paper, we propose Projection Probability-driven Black-box Attack (PPBA) to tackle this problem by reducing the solution space and providing better optimization.  ...  This work is supported by the Nature Sci-  ... 
arXiv:2005.03837v1 fatcat:zbvsrpb75zakzprqwpn5byqapa

Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks

Kaleel Mahmood, Rigel Mahmood, Ethan Rathbun, Marten Van Dijk
2021 IEEE Access  
In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019.  ...  Overall, our paper surveys a wide body of literature to highlight recent attack developments and organizes them into four attack categories: score based attacks, decision based attacks, transfer attacks  ...  QEBA: QUERY-EFFICIENT BOUNDARY-BASED BLACKBOX ATTACK Black-box attacks can be query-free or query-based.  ... 
doi:10.1109/access.2021.3138338 fatcat:r3m2dpcferdh7ivqn77nqdq3fe

Projection & Probability-Driven Black-Box Attack

Jie Li, Rongrong Ji, Hong Liu, Jianzhuang Liu, Bineng Zhong, Cheng Deng, Qi Tian
2020 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)  
Generating adversarial examples in a black-box setting remains a significant challenge with vast practical application prospects.  ...  In this paper, we propose Projection & Probability-driven Black-box Attack (PPBA) to tackle this problem by reducing the solution space and providing better optimization.  ...  There are two types of black-box attack methods, i.e., transfer-based attacks and query-based attacks: Transfer-Based Attacks.  ... 
doi:10.1109/cvpr42600.2020.00044 dblp:conf/cvpr/LiJ0LZDT20 fatcat:tuccmwioarbg5forqiyr7bzm7i