Query Complexity of Adversarial Attacks

Cited by: 0
Authors
Gluch, Grzegorz [1 ]
Urbanke, Ruediger [1 ]
Affiliations
[1] Ecole Polytech Fed Lausanne, Sch Comp & Commun Sci, Lausanne, Switzerland
Keywords
DOI
Not available
CLC classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
There are two main attack models considered in the adversarial robustness literature: black-box and white-box. We consider these threat models as two ends of a fine-grained spectrum, indexed by the number of queries the adversary can ask. Using this point of view we investigate how many queries the adversary needs to make to design an attack that is comparable to the best possible attack in the white-box model. We give a lower bound on that number of queries in terms of entropy of decision boundaries of the classifier. Using this result we analyze two classical learning algorithms on two synthetic tasks for which we prove meaningful security guarantees. The obtained bounds suggest that some learning algorithms are inherently more robust against query-bounded adversaries than others.
Pages: 11
Related papers
50 entries in total
  • [21] ON THE REVERSIBILITY OF ADVERSARIAL ATTACKS
    Li, Chau Yi
    Sanchez-Matilla, Ricardo
    Shamsabadi, Ali Shahin
    Mazzon, Riccardo
    Cavallaro, Andrea
    2021 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING (ICIP), 2021, : 3073 - 3077
  • [22] Low-Rank and Sparse Decomposition for Low-Query Decision-Based Adversarial Attacks
    Esmaeili, Ashkan
    Edraki, Marzieh
    Rahnavard, Nazanin
    Mian, Ajmal
    Shah, Mubarak
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2024, 19 : 1561 - 1575
  • [23] Simple and Efficient Hard Label Black-box Adversarial Attacks in Low Query Budget Regimes
    Shukla, Satya Narayan
    Sahu, Anit Kumar
    Willmott, Devin
    Kolter, Zico
    KDD '21: PROCEEDINGS OF THE 27TH ACM SIGKDD CONFERENCE ON KNOWLEDGE DISCOVERY & DATA MINING, 2021, : 1461 - 1469
  • [24] Query-Efficient Black-Box Adversarial Attacks Guided by a Transfer-Based Prior
    Dong, Yinpeng
    Cheng, Shuyu
    Pang, Tianyu
    Su, Hang
    Zhu, Jun
    IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, 2022, 44 (12) : 9536 - 9548
  • [25] Functional Adversarial Attacks
    Laidlaw, Cassidy
    Feizi, Soheil
    ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 32 (NIPS 2019), 2019, 32
  • [26] Adversarial attacks and adversarial robustness in computational pathology
    Narmin Ghaffari Laleh
    Daniel Truhn
    Gregory Patrick Veldhuizen
    Tianyu Han
    Marko van Treeck
    Roman D. Buelow
    Rupert Langer
    Bastian Dislich
    Peter Boor
    Volkmar Schulz
    Jakob Nikolas Kather
    Nature Communications, 13
  • [27] DETECTION OF ADVERSARIAL ATTACKS AND CHARACTERIZATION OF ADVERSARIAL SUBSPACE
    Esmaeilpour, Mohammad
    Cardinal, Patrick
    Koerich, Alessandro Lameiras
    2020 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH, AND SIGNAL PROCESSING, 2020, : 3097 - 3101
  • [28] Adversarial attacks and adversarial robustness in computational pathology
    Ghaffari Laleh, Narmin
    Truhn, Daniel
    Veldhuizen, Gregory Patrick
    Han, Tianyu
    van Treeck, Marko
    Buelow, Roman D.
    Langer, Rupert
    Dislich, Bastian
    Boor, Peter
    Schulz, Volkmar
    Kather, Jakob Nikolas
    NATURE COMMUNICATIONS, 2022, 13 (01)
  • [29] From Query Complexity to Computational Complexity
    Dobzinski, Shahar
    Vondrak, Jan
    STOC'12: PROCEEDINGS OF THE 2012 ACM SYMPOSIUM ON THEORY OF COMPUTING, 2012, : 1107 - 1116
  • [30] The Query Complexity of Certification
    Blanc, Guy
    Koch, Caleb
    Lange, Jane
    Tan, Li-Yang
    PROCEEDINGS OF THE 54TH ANNUAL ACM SIGACT SYMPOSIUM ON THEORY OF COMPUTING (STOC '22), 2022, : 623 - 636