Query efficient black-box adversarial attack on deep neural networks

Cited by: 20
Authors
Bai, Yang [1 ,2 ]
Wang, Yisen [2 ,3 ,4 ,6 ]
Zeng, Yuyuan [2 ]
Jiang, Yong [2 ,5 ]
Xia, Shu-Tao [2 ,5 ]
Affiliations
[1] Tencent Secur Zhuque Lab, Shenzhen, Peoples R China
[2] Tsinghua Univ, Beijing, Peoples R China
[3] Peking Univ, Sch Intelligence Sci & Technol, Key Lab Machine Percept MoE, Beijing, Peoples R China
[4] Peking Univ, Inst Artificial Intelligence, Beijing, Peoples R China
[5] Peng Cheng Lab, Shenzhen, Peoples R China
[6] Peking Univ, Sch Intelligence Sci & Technol, Key Lab Machine Percept MoE, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Black-box adversarial attack; Adversarial distribution; Query efficiency; Neural process;
DOI
10.1016/j.patcog.2022.109037
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline codes
081104; 0812; 0835; 1405;
Abstract
Deep neural networks (DNNs) have demonstrated excellent performance on various tasks, yet they are at risk from adversarial examples, which can be generated easily when the target model is accessible to an attacker (white-box setting). As plenty of machine learning models have been deployed via online services that only provide query outputs from inaccessible models (e.g., Google Cloud Vision API), black-box adversarial attacks raise more critical security concerns in practice than white-box ones. However, existing query-based black-box adversarial attacks often require excessive model queries to maintain a high attack success rate. Therefore, in order to improve query efficiency, we explore the distribution of adversarial examples around benign inputs with the help of image structure information characterized by a Neural Process, and propose a Neural Process based black-box adversarial attack (NP-Attack) in this paper. Our proposed NP-Attack can be further boosted when combined with surrogate models or tiling tricks. Extensive experiments show that NP-Attack greatly decreases the query count under the black-box setting. (c) 2022 Elsevier Ltd. All rights reserved.
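The abstract treats the number of model queries as the cost metric of a black-box attack and names tiling as one trick that lowers it. The Python example below is added here to make that setting concrete; it is not the paper's NP-Attack and not code from the authors. A constructed two-class template-matching classifier is wrapped in an oracle that exposes only output probabilities and counts every call, and a greedy coordinate search (the SimBA-style score-based baseline) under an L_inf budget is run once over single pixels and once over 4x4 tiles. The toy model, the benign input, the budget eps = 0.15 and the tile size are all assumptions chosen so the block runs offline.

```python
"""Query-counting black-box attack on a constructed toy classifier.

Added illustration, not the paper's NP-Attack. The attacker sees only the
output probabilities of a two-class template matcher on an 8x8 "image" and
runs a greedy coordinate search (the SimBA-style score-based baseline) under
an L_inf budget, stopping as soon as the predicted label flips. Two search
bases are compared: single pixels versus 4x4 tiles (the "tiling trick").
"""
import math
import random

SIDE = 8            # constructed image is SIDE x SIDE pixels with values in [0, 1]
DIM = SIDE * SIDE


def softmax(logits):
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


class BlackBoxModel:
    """Score-based oracle: returns class probabilities only and counts queries.

    Constructed linear model: class 0 responds to a bright left half, class 1
    to a bright right half. The weights are never exposed to the attack code.
    """

    def __init__(self):
        left = [1.0 if (i % SIDE) < SIDE // 2 else 0.0 for i in range(DIM)]
        right = [1.0 - v for v in left]
        self._templates = (left, right)
        self.queries = 0

    def predict_proba(self, x):
        self.queries += 1
        logits = [sum(w * v for w, v in zip(t, x)) for t in self._templates]
        return softmax(logits)


def pixel_basis():
    """One search direction per pixel (each element is a list of indices)."""
    return [[i] for i in range(DIM)]


def tile_basis(tile):
    """One search direction per tile x tile block: all its pixels move together."""
    return [[r * SIDE + c
             for r in range(tr, tr + tile)
             for c in range(tc, tc + tile)]
            for tr in range(0, SIDE, tile)
            for tc in range(0, SIDE, tile)]


def margin(proba, label):
    """p(true label) minus the best other class; the label has flipped when < 0."""
    return proba[label] - max(p for k, p in enumerate(proba) if k != label)


def greedy_search_attack(model, x, label, basis, eps, seed=0):
    """Untargeted score-based attack.

    Visits each basis element once in random order, tries +eps then -eps on
    all of its coordinates (clipped to [0, 1]) and keeps the first move that
    lowers the margin. Returns (x_adv, success, queries_used).
    """
    rng = random.Random(seed)
    order = basis[:]
    rng.shuffle(order)
    start = model.queries
    x_adv = x[:]
    best = margin(model.predict_proba(x_adv), label)
    for coords in order:
        if best < 0:                      # label already flipped: stop querying
            break
        for sign in (1.0, -1.0):
            cand = x_adv[:]
            for i in coords:
                # each coordinate is visited once, so ||x_adv - x||_inf <= eps holds
                cand[i] = min(1.0, max(0.0, x[i] + sign * eps))
            m = margin(model.predict_proba(cand), label)
            if m < best:
                x_adv, best = cand, m
                break
    return x_adv, best < 0, model.queries - start


def benign_input():
    """Constructed benign image: left half 0.6, right half 0.4 (class 0)."""
    return [0.6 if (i % SIDE) < SIDE // 2 else 0.4 for i in range(DIM)]


def compare_bases(eps=0.15, seed=0):
    """Attack fresh oracles with the pixel basis and the 4x4 tile basis.

    Returns {"pixel": (success, queries), "tile": (success, queries)}.
    """
    results = {}
    for name, basis in (("pixel", pixel_basis()), ("tile", tile_basis(4))):
        model = BlackBoxModel()
        x = benign_input()
        proba = model.predict_proba(x)
        label = proba.index(max(proba))
        x_adv, ok, used = greedy_search_attack(model, x, label, basis, eps, seed)
        assert max(abs(a - b) for a, b in zip(x_adv, x)) <= eps + 1e-12
        results[name] = (ok, used)
    return results


if __name__ == "__main__":
    for name, (ok, used) in compare_bases().items():
        print(f"{name:5s} basis: success={ok} queries={used}")
```

Running the block prints one line per basis. On this toy model the tile basis flips the label in a handful of queries while the pixel basis needs several dozen, because every pixel inside a tile shares the sign of the model's sensitivity, so one query moves sixteen coordinates in the right direction at once. On a real classifier that spatial coherence only holds approximately, which is why the abstract argues for modelling the image structure explicitly rather than relying on fixed tiles.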
Pages: 11
Related papers
50 items in total
  • [21] Black-Box Testing of Deep Neural Networks
    Byun, Taejoon
    Rayadurgam, Sanjai
    Heimdahl, Mats P. E.
    [J]. 2021 IEEE 32ND INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE 2021), 2021, : 309 - 320
  • [22] SIMULATOR ATTACK+ FOR BLACK-BOX ADVERSARIAL ATTACK
    Ji, Yimu
    Ding, Jianyu
    Chen, Zhiyu
    Wu, Fei
    Zhang, Chi
    Sun, Yiming
    Sun, Jing
    Liu, Shangdong
    [J]. 2022 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING, ICIP, 2022, : 636 - 640
  • [23] Query-Efficient Target-Agnostic Black-Box Attack
    Moraffah, Raha
    Liu, Huan
    [J]. 2022 IEEE INTERNATIONAL CONFERENCE ON DATA MINING (ICDM), 2022, : 368 - 377
  • [24] TOWARDS QUERY EFFICIENT AND GENERALIZABLE BLACK-BOX FACE RECONSTRUCTION ATTACK
    Park, Hojin
    Park, Jaewoo
    Dong, Xingbo
    Teoh, Andrew Beng Jin
    [J]. 2023 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING, ICIP, 2023, : 1060 - 1064
  • [25] Black-Box Adversarial Attack for Deep Learning Classifiers in IoT Applications
    Singh, Abhijit
    Sikdar, Biplab
    [J]. 2022 IEEE 8TH WORLD FORUM ON INTERNET OF THINGS, WF-IOT, 2022
  • [26] Amora: Black-box Adversarial Morphing Attack
    Wang, Run
    Juefei-Xu, Felix
    Guo, Qing
    Huang, Yihao
    Xie, Xiaofei
    Ma, Lei
    Liu, Yang
    [J]. MM '20: PROCEEDINGS OF THE 28TH ACM INTERNATIONAL CONFERENCE ON MULTIMEDIA, 2020, : 1376 - 1385
  • [27] A black-box adversarial attack for poisoning clustering
    Cina, Antonio Emanuele
    Torcinovich, Alessandro
    Pelillo, Marcello
    [J]. PATTERN RECOGNITION, 2022, 122
  • [28] Adversarial Eigen Attack on Black-Box Models
    Zhou, Linjun
    Cui, Peng
    Zhang, Xingxuan
    Jiang, Yinan
    Yang, Shiqiang
    [J]. 2022 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR 2022), 2022, : 15233 - 15241
  • [29] attackGAN: Adversarial Attack against Black-box IDS using Generative Adversarial Networks
    Zhao, Shuang
    Li, Jing
    Wang, Jianmin
    Zhang, Zhao
    Zhu, Lin
    Zhang, Yong
    [J]. 2020 INTERNATIONAL CONFERENCE ON IDENTIFICATION, INFORMATION AND KNOWLEDGE IN THE INTERNET OF THINGS (IIKI2020), 2021, 187 : 128 - 133
  • [30] Query-Efficient Black-Box Adversarial Attacks on Automatic Speech Recognition
    Tong, Chuxuan
    Zheng, Xi
    Li, Jianhua
    Ma, Xingjun
    Gao, Longxiang
    Xiang, Yong
    [J]. IEEE-ACM TRANSACTIONS ON AUDIO SPEECH AND LANGUAGE PROCESSING, 2023, 31 : 3981 - 3992