Spanning attack: reinforce black-box attacks with unlabeled data

Cited by: 11

Authors
Wang, Lu [1 ,2 ]
Zhang, Huan [3 ]
Yi, Jinfeng [2 ]
Hsieh, Cho-Jui [3 ]
Jiang, Yuan [1 ]
Affiliations
[1] Nanjing Univ, Natl Key Lab Novel Software Technol, Nanjing 210023, Peoples R China
[2] JD Com, JD AI Res, Beijing 100020, Peoples R China
[3] Univ Calif Los Angeles, Dept Comp Sci, Los Angeles, CA 90095 USA
Keywords
Adversarial machine learning; Adversarial robustness; Black-box attacks; Query efficiency; ROBUSTNESS;
DOI
10.1007/s10994-020-05916-1
CLC classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Adversarial black-box attacks aim to craft adversarial perturbations by querying input-output pairs of machine learning models. They are widely used to evaluate the robustness of pre-trained models. However, black-box attacks often suffer from the issue of query inefficiency due to the high dimensionality of the input space, and therefore incur a false sense of model robustness. In this paper, we relax the conditions of the black-box threat model, and propose a novel technique called the spanning attack. By constraining adversarial perturbations in a low-dimensional subspace via spanning an auxiliary unlabeled dataset, the spanning attack significantly improves the query efficiency of a wide variety of existing black-box attacks. Extensive experiments show that the proposed method works favorably in both soft-label and hard-label black-box attacks.
Pages: 2349 / 2368
Number of pages: 20