Visible to the public A Black-Box Approach to Generate Adversarial Examples Against Deep Neural Networks for High Dimensional Input

Publication TypeConference Paper
Year of Publication2019
AuthorsSong, Chengru, Xu, Changqiao, Yang, Shujie, Zhou, Zan, Gong, Changhui
Conference Name2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC)
Date Publishedjun
AbstractGenerating adversarial samples is gathering much attention as an intuitive approach to evaluate the robustness of learning models. Extensive recent works have demonstrated that numerous advanced image classifiers are defenseless to adversarial perturbations in the white-box setting. However, the white-box setting assumes attackers to have prior knowledge of model parameters, which are generally inaccessible in real world cases. In this paper, we concentrate on the hard-label black-box setting where attackers can only pose queries to probe the model parameters responsible for classifying different images. Therefore, the issue is converted into minimizing non-continuous function. A black-box approach is proposed to address both massive queries and the non-continuous step function problem by applying a combination of a linear fine-grained search, Fibonacci search, and a zeroth order optimization algorithm. However, the input dimension of a image is so high that the estimation of gradient is noisy. Hence, we adopt a zeroth-order optimization method in high dimensions. The approach converts calculation of gradient into a linear regression model and extracts dimensions that are more significant. Experimental results illustrate that our approach can relatively reduce the amount of queries and effectively accelerate convergence of the optimization method.
Citation Keysong_black-box_2019