Sparse-RS: A Versatile Framework for Query-Efficient Sparse Black-Box Adversarial Attacks

Abstract

We propose a versatile framework based on random search, Sparse-RS, for score-based sparse targeted and untargeted attacks in the black-box setting. Sparse-RS does not rely on substitute models and achieves state-of-the-art success rate and query efficiency for multiple sparse attack models: L0-bounded perturbations, adversarial patches, and adversarial frames. The L0-version of Sparse-RS outperforms all black-box and even white-box attacks for different models on MNIST, CIFAR-10, and ImageNet. Moreover, our Sparse-RS achieves very high success rates even in the challenging settings of 20x20 adversarial patches and 2-pixel wide adversarial frames for 224x224 images. Finally, we show that Sparse-RS can be applied to generate universal adversarial patches, where it significantly outperforms the existing approaches. Our code is available at https://github.com/fra31/sparse-rs.

Similar resources

Query-Efficient Black-box Adversarial Examples

Current neural network-based image classifiers are susceptible to adversarial examples, even in the black-box setting, where the attacker is limited to query access without access to gradients. Previous methods — substitute networks and coordinate-based finite-difference methods — are either unreliable or query-inefficient, making these methods impractical for certain problems. We introduce a n...

Combating Adversarial Attacks Using Sparse Representations

It is by now well-known that small adversarial perturbations can induce classification errors in deep neural networks (DNNs). In this paper, we make the case that sparse representations of the input data are a crucial tool for combating such attacks. For linear classifiers, we show that a sparsifying front end is provably effective against ℓ∞-bounded attacks, reducing output distortion due to t...

Query-limited Black-box Attacks to Classifiers

We study black-box attacks on machine learning classifiers where each query to the model incurs some cost or risk of detection to the adversary. We focus explicitly on minimizing the number of queries as a major objective. Specifically, we consider the problem of attacking machine learning classifiers subject to a budget of feature modification cost while minimizing the number of queries, where...

Delving into Transferable Adversarial Examples and Black-box Attacks

An intriguing property of deep neural networks is the existence of adversarial examples, which can transfer among different architectures. These transferable adversarial examples may severely hinder deep neural network-based applications. Previous works mostly study the transferability using small scale datasets. In this work, we are the first to conduct an extensive study of the transferabilit...

Sparse Models for Adversarial Learning

As the use of prediction methods becomes more widespread in applications, the chances of adversarial manipulation become more likely. The canonical example is email and web spam where there is a constant tussle. We propose classification models which are robust against data manipulation by adversaries. For example, spammers are constantly manipulating data to breach spam filters by either rever...

Journal

Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence

Year: 2022

ISSN: 2159-5399, 2374-3468

DOI: https://doi.org/10.1609/aaai.v36i6.20595