Internet Archive Scholar

Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial Attacks

Thomas Brunner, Frederik Diehl, Michael Truong Le, Alois Knoll
2019 2019 IEEE/CVF International Conference on Computer Vision (ICCV)  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (10.2 MB)
https://web.archive.org/web/20200506014717/https://mediatum.ub.tum.de/doc/1520097/document.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

We consider adversarial examples for image classification in the black-box decision-based setting. Here, an attacker cannot access confidence scores, but only the final label. Most attacks for this scenario are either unreliable or inefficient. Focusing on the latter, we show that a specific class of attacks, Boundary Attacks, can be reinterpreted as a biased sampling framework that gains efficiency from domain knowledge. We identify three such biases, image frequency, regional masks and
more » ... te gradients, and evaluate their performance against an ImageNet classifier. We show that the combination of these biases outperforms the state of the art by a wide margin. We also showcase an efficient way to attack the Google Cloud Vision API, where we craft convincing perturbations with just a few hundred queries. Finally, the methods we propose have also been found to work very well against strong defenses: Our targeted attack won second place in the NeurIPS 2018 Adversarial Vision Challenge.
doi:10.1109/iccv.2019.00506 dblp:conf/iccv/BrunnerDTK19 fatcat:m3gt5atwd5airkuozxgzkgf5x4
Citation

Thomas Brunner, Frederik Diehl, Michael Truong Le, Alois Knoll. "Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial Attacks." 2019 IEEE/CVF International Conference on Computer Vision (ICCV) (2019) 4957-4965