Query efficient black-box adversarial attack on deep neural networks. (January 2023)
- Record Type:
- Journal Article
- Title:
- Query efficient black-box adversarial attack on deep neural networks. (January 2023)
- Main Title:
- Query efficient black-box adversarial attack on deep neural networks
- Authors:
- Bai, Yang
Wang, Yisen
Zeng, Yuyuan
Jiang, Yong
Xia, Shu-Tao - Abstract:
- Highlights: We explore the flexible versions of NP-Attack, when combined with the surrogate models. Our method could show a better query efficiency, demonstrating that NP-Attack outperforms with or without surrogate models. We add some tiling tricks on NP-Attack to improve query efficiency. Moreover, we also design some ablation study experiments on tiling parameters. We also evaluate NP-Attack on adversarial defense models to further discuss the capability of our method. Extensive experiments on benchmark demonstrate that our NP-Attack still outperforms existing evolution strategy methods in these black-box attack tasks. Abstract: Deep neural networks (DNNs) have demonstrated excellent performance on various tasks, yet they are under the risk of adversarial examples that can be easily generated when the target model is accessible to an attacker (white-box setting). As plenty of machine learning models have been deployed via online services that only provide query outputs from inaccessible models ( e.g., Google Cloud Vision API2), black-box adversarial attacks raise critical security concerns in practice rather than white-box ones. However, existing query-based black-box adversarial attacks often require excessive model queries to maintain a high attack success rate. Therefore, in order to improve query efficiency, we explore the distribution of adversarial examples around benign inputs with the help of image structure information characterized by a Neural Process, andHighlights: We explore the flexible versions of NP-Attack, when combined with the surrogate models. Our method could show a better query efficiency, demonstrating that NP-Attack outperforms with or without surrogate models. We add some tiling tricks on NP-Attack to improve query efficiency. Moreover, we also design some ablation study experiments on tiling parameters. We also evaluate NP-Attack on adversarial defense models to further discuss the capability of our method. Extensive experiments on benchmark demonstrate that our NP-Attack still outperforms existing evolution strategy methods in these black-box attack tasks. Abstract: Deep neural networks (DNNs) have demonstrated excellent performance on various tasks, yet they are under the risk of adversarial examples that can be easily generated when the target model is accessible to an attacker (white-box setting). As plenty of machine learning models have been deployed via online services that only provide query outputs from inaccessible models ( e.g., Google Cloud Vision API2), black-box adversarial attacks raise critical security concerns in practice rather than white-box ones. However, existing query-based black-box adversarial attacks often require excessive model queries to maintain a high attack success rate. Therefore, in order to improve query efficiency, we explore the distribution of adversarial examples around benign inputs with the help of image structure information characterized by a Neural Process, and propose a Neural Process based black-box adversarial attack (NP-Attack) in this paper. Our proposed NP-Attack could be further boosted when applied with surrogate models or tiling tricks. Extensive experiments show that NP-Attack could greatly decrease the query counts under the black-box setting. … (more)
- Is Part Of:
- Pattern recognition. Volume 133(2023)
- Journal:
- Pattern recognition
- Issue:
- Volume 133(2023)
- Issue Display:
- Volume 133, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 133
- Issue:
- 2023
- Issue Sort Value:
- 2023-0133-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-01
- Subjects:
- Black-box adversarial attack -- Adversarial distribution -- Query efficiency -- Neural process
Pattern perception -- Periodicals
Perception des structures -- Périodiques
Patroonherkenning
006.4 - Journal URLs:
- http://www.sciencedirect.com/science/journal/00313203 ↗
http://www.sciencedirect.com/ ↗ - DOI:
- 10.1016/j.patcog.2022.109037 ↗
- Languages:
- English
- ISSNs:
- 0031-3203
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 24024.xml