
Random Noise Defense Against Query-Based Black-Box Attacks [article]

Zeyu Qin, Yanbo Fan, Hongyuan Zha, Baoyuan Wu
2021 arXiv pre-print
We conduct the theoretical analysis about the effectiveness of RND against query-based black-box attacks and the corresponding adaptive attacks.  ...  The query-based black-box attacks have raised serious threats to machine learning models in many real applications.  ...  To this end, we study a lightweight defense strategy, dubbed Random Noise Defense (RND) against query-based black-box attacks.  ... 
arXiv:2104.11470v2 fatcat:zcsiuas2mzgflk46ktc5dwp6vu

On the Effectiveness of Small Input Noise for Defending Against Query-based Black-Box Attacks [article]

Junyoung Byun, Hyojun Go, Changick Kim
2021 arXiv pre-print
We analyze how SND can defend against query-based black-box attacks and demonstrate its effectiveness against eight state-of-the-art attacks with CIFAR-10 and ImageNet datasets.  ...  From this motivation, we observe even a small additive input noise can neutralize most query-based attacks and name this simple yet effective approach Small Noise Defense (SND).  ...  [14] empirically find that randomization-based defenses are more effective in defending against query-based black-box attacks than other types of defenses.  ... 
arXiv:2101.04829v2 fatcat:s6qkng7cfzde7pmqi3u7xzkove

Output Randomization: A Novel Defense for both White-box and Black-box Adversarial Models [article]

Daniel Park, Haidar Khan, Azer Khan, Alex Gittens, Bülent Yener
2021 arXiv pre-print
In this paper, we explore the use of output randomization as a defense against attacks in both the black box and white box models and propose two defenses.  ...  In the first defense, we propose output randomization at test time to thwart finite difference attacks in black box settings.  ...  a defense against black box finite difference attacks.  ... 
arXiv:2107.03806v1 fatcat:326dwzfl4fbjfktbutzags75gy

Low Frequency Adversarial Perturbation [article]

Chuan Guo, Jared S. Frank, Kilian Q. Weinberger
2019 arXiv pre-print
This approach is readily compatible with many existing black-box attack frameworks and consistently reduces their query cost by 2 to 4 times.  ...  In the black-box setting, the absence of gradient information often renders this search problem costly in terms of query complexity.  ...  of transformation based defenses in the black-box setting.  ... 
arXiv:1809.08758v2 fatcat:hgska7rrgfahfn3y4f42dbhkzy

Boundary Defense Against Black-box Adversarial Attacks [article]

Manjushree B. Aithal, Xiaohua Li
2022 arXiv pre-print
Black-box adversarial attacks generate adversarial samples via iterative optimizations using repeated queries. Defending deep neural networks against such attacks has been challenging.  ...  Extensive experiments are conducted and the results show that the BD method can reliably defend against both soft and hard label black-box attacks. It outperforms a list of existing defense methods.  ...  For the defense against black-box attacks, a lot of methods are derived directly from the defense methods against white-box attacks, such as input transformation [32], network randomization [33] and  ... 
arXiv:2201.13444v1 fatcat:n7s6p62pjzg43lxkg5vwcvc7ka

Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems [article]

Yue Gao, Ilia Shumailov, Kassem Fawaz
2022 arXiv pre-print
We further demonstrate this problem on a commercial Image Analysis API with decision-based black-box attacks.  ...  We propose a novel sampling strategy to make a black-box attack exploit vulnerabilities in scaling algorithms, scaling defenses, and the final machine learning model in an end-to-end manner.  ...  ., 2018b) to attack randomized defenses without additional queries to the black-box model. With these techniques, we circumvent 4 out of 5 state-of-the-art defenses to exploit the scaling function.  ... 
arXiv:2104.08690v3 fatcat:svpowm25qbhyhkoxsjtz6kxwee

GenAttack: Practical Black-box Attacks with Gradient-Free Optimization [article]

Moustafa Alzantot, Yash Sharma, Supriyo Chakraborty, Huan Zhang, Cho-Jui Hsieh, Mani Srivastava
2019 arXiv pre-print
Against MNIST and CIFAR-10 models, GenAttack required roughly 2,126 and 2,568 times fewer queries respectively, than ZOO, the prior state-of-the-art black-box attack.  ...  Deep neural networks are vulnerable to adversarial examples, even in the black-box setting, where the attacker is restricted solely to query access.  ...  We demonstrate that the defense is much less robust against query-efficient black-box attacks, such as GenAttack.  ... 
arXiv:1805.11090v3 fatcat:5btwodz4ybafrlzlto5y6t5ubi

Mitigating Black-Box Adversarial Attacks via Output Noise Perturbation [article]

Manjushree B. Aithal, Xiaohua Li
2021 arXiv pre-print
In black-box adversarial attacks, adversaries query the deep neural network (DNN), use the output to reconstruct gradients, and then optimize the adversarial inputs iteratively.  ...  Our experiments demonstrate that this method can effectively mitigate both soft-label and hard-label black-box attacks under realistic QC constraints.  ...  Conclusions In this paper, we studied the addition of white noise to DNN's output as a defense against black-box adversarial attacks.  ... 
arXiv:2109.15160v1 fatcat:i57rydy7vje6noobropaezygxe

MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples [article]

Jinyuan Jia, Ahmed Salem, Michael Backes, Yang Zhang, Neil Zhenqiang Gong
2019 arXiv pre-print
In this work, we propose MemGuard, the first defense with formal utility-loss guarantees against black-box membership inference attacks.  ...  Specifically, given a black-box access to the target classifier, the attacker trains a binary classifier, which takes a data sample's confidence score vector predicted by the target classifier as an input  ...  Our work: In this work, we propose MemGuard, the first defense with formal utility-loss guarantees against membership inference attacks under the black-box setting.  ... 
arXiv:1909.10594v3 fatcat:lfrwiwpyrreknhxejsef35ukhq

Towards Adversarial Attack Resistant Deep Neural Networks

Tiago A. O. Alves, Sandip Kundu
2020 The European Symposium on Artificial Neural Networks
Our first defense adds a controlled random noise to the output confidence levels, which prevents an adversary from converging in their numerical approximation attack.  ...  Our defenses are based on denying access to the precise classification boundary.  ...  Introduction In adversarial attacks against black-box ML systems, an attacker does not have any information about the model or the training dataset.  ... 
dblp:conf/esann/AlvesK20 fatcat:jtmptj7ixbaojln5xrrn2re56m

Cloud-based Image Classification Service Is Not Robust To Simple Transformations: A Forgotten Battlefield [article]

Dou Goodman, Tao Wei
2020 arXiv pre-print
first attempt to conduct an extensive empirical study of Simple Transformation (ST) attacks against real-world cloud-based classification services.  ...  , IF attack has a success rate over 98% among different classification services. (3) We discuss the possible defenses to address these security challenges. Experiments show that our defense technology  ...  Query-based attacks are typical black-box attacks: attackers do not have prior knowledge and get inner information of DL models through hundreds of thousands of queries to successfully generate an  ... 
arXiv:1906.07997v2 fatcat:pxkcczfhmjbspaytyiiwluorxi

Morphence: Moving Target Defense Against Adversarial Examples [article]

Abderrahmen Amich, Birhanu Eshete
2021 arXiv pre-print
We evaluate Morphence on two benchmark image classification datasets (MNIST and CIFAR10) against five reference attacks (2 white-box and 3 black-box).  ...  Morphence deploys a pool of models generated from a base model in a manner that introduces sufficient randomness when it responds to prediction queries.  ...  To explore Morphence's robustness against query-based black-box attacks, we employ SPSA since it performs multiple correlated queries before crafting adversarial examples.  ... 
arXiv:2108.13952v3 fatcat:4zhaa7imergxbgq24ztjp4xs3a

Mitigating Black-Box Adversarial Attacks via Output Noise Perturbation

Manjushree B. Aithal, Xiaohua Li
2022 IEEE Access
In black-box adversarial attacks, attackers query the deep neural network (DNN) and use the query results to optimize the adversarial samples iteratively.  ...  One of our unique contributions is a theoretical analysis of gradient signal-to-noise ratio (SNR), which shows the trade-off between the defense noise level and the attack query cost.  ...  CONCLUSION In this paper, we studied the addition of white noise to DNN's output as a defense against black-box adversarial attacks.  ... 
doi:10.1109/access.2022.3146198 fatcat:pd7pj5xxcjcubgxslopkix5tda

Beware the Black-Box: on the Robustness of Recent Defenses to Adversarial Examples [article]

Kaleel Mahmood, Deniz Gurevin, Marten van Dijk, Phuong Ha Nguyen
2021 arXiv pre-print
Many defenses have recently been proposed at venues like NIPS, ICML, ICLR and CVPR. These defenses are mainly focused on mitigating white-box attacks. They do not properly examine black-box attacks.  ...  For every defense, we also show the relationship between the amount of data the adversary has at their disposal, and the effectiveness of adaptive black-box attacks.  ...  Query only black-box attacks can further be divided into two categories: score based black-box attacks and decision based black-box attacks. • Score based black-box attacks.  ... 
arXiv:2006.10876v2 fatcat:agf4zj5bwvagbkrid466vb3mdy

BUZz: BUffer Zones for defending adversarial examples in image classification [article]

Kaleel Mahmood, Phuong Ha Nguyen, Lam M. Nguyen, Thanh Nguyen, Marten van Dijk
2020 arXiv pre-print
We propose a novel defense against all existing gradient based adversarial attacks on deep neural networks for image classification problems.  ...  We argue that our defense based on buffer zones offers significant improvements over state-of-the-art defenses.  ...  B.3 Defenses against white-box and black-box attacks White-Box defenses.  ... 
arXiv:1910.02785v2 fatcat:rbrq6wj7ivf3pmuil6ie3qbvhe