61 Hits in 2.4 sec

HopSkipJumpAttack: A Query-Efficient Decision-Based Attack [article]

Jianbo Chen, Michael I. Jordan, Martin J. Wainwright
2020 arXiv   pre-print
The goal of a decision-based adversarial attack on a trained model is to generate adversarial examples based solely on observing output labels returned by the targeted model.  ...  We develop HopSkipJumpAttack, a family of algorithms based on a novel estimate of the gradient direction using binary information at the decision boundary.  ...  A. Efficiency evaluation a) Baselines: We compare HopSkipJumpAttack with three state-of-the-art decision-based attacks: Boundary Attack [14], Limited Attack [9] and Opt Attack [16].  ...
arXiv:1904.02144v5 fatcat:ccgrju4rh5cvtessq7dztsh5ki

HopSkipJumpAttack: A Query-Efficient Decision-Based Attack

Jianbo Chen, Michael I. Jordan, Martin J. Wainwright
2020 2020 IEEE Symposium on Security and Privacy (SP)  
Experiments show HopSkipJumpAttack requires significantly fewer model queries than several state-of-the-art decision-based adversarial attacks.  ...  The goal of a decision-based adversarial attack on a trained model is to generate adversarial examples based solely on observing output labels returned by the targeted model.  ...  A. Efficiency evaluation a) Baselines: We compare HopSkipJumpAttack with three state-of-the-art decision-based attacks: Boundary Attack [14], Limited Attack [9] and Opt Attack [16].  ...
doi:10.1109/sp40000.2020.00045 dblp:conf/sp/ChenJW20 fatcat:wtxqvljvrrcylp2agskg4vsku4

Triangle Attack: A Query-efficient Decision-based Adversarial Attack [article]

Xiaosen Wang, Zeliang Zhang, Kangheng Tong, Dihong Gong, Kun He, Zhifeng Li, Wei Liu
2022 arXiv   pre-print
various perturbation budgets than existing decision-based attacks.  ...  Decision-based attack poses a severe threat to real-world applications since it regards the target model as a black box and only accesses the hard prediction label.  ...  In this work, we aim to boost the query efficiency of decision-based attack by utilizing the geometric information and provide a brief overview of existing decision-based attacks.  ... 
arXiv:2112.06569v3 fatcat:vtxkg3tt3bgrve4m6biql5caye

Query-Efficient Adversarial Attack Based on Latin Hypercube Sampling [article]

Dan Wang, Jiayu Lin, Yuan-Gen Wang
2022 arXiv   pre-print
To overcome the drawback of SRS, this paper proposes a Latin Hypercube Sampling based Boundary Attack (LHS-BA) to save query budget.  ...  In order to be applicable in real-world scenarios, Boundary Attacks (BAs) were proposed and ensured one hundred percent attack success rate with only decision information.  ...  However, they lack efficiency due to requiring a great deal of queries or getting a relatively large perturbation with a limited query budget.  ...
arXiv:2207.02391v1 fatcat:brhgagnnxfdifbfv3r2ftibz5y

Policy-Driven Attack: Learning to Query for Hard-label Black-box Adversarial Examples

Ziang Yan, Yiwen Guo, Jian Liang, Changshui Zhang
2021 International Conference on Learning Representations  
In this paper, we propose a novel hard-label black-box attack named Policy-Driven Attack, to reduce the query complexity.  ...  Existing black-box attacks generally suffer from high query complexity, especially when only the top-1 decision (i.e., the hard-label prediction) of the victim model is available.  ...  query-efficient.  ... 
dblp:conf/iclr/YanGLZ21 fatcat:loxluhco2bgp7jqwvtmstta4ci

Sign-OPT: A Query-Efficient Hard-label Adversarial Attack [article]

Minhao Cheng, Simranjit Singh, Patrick Chen, Pin-Yu Chen, Sijia Liu, Cho-Jui Hsieh
2020 arXiv   pre-print
, where limited model queries are allowed and only the decision is provided to a queried data input.  ...  Using this single query oracle for retrieving sign of directional derivative, we develop a novel query-efficient Sign-OPT approach for hard-label black-box attack.  ...  Figure 7 shows a comparison of Sign-OPT and HopSkipJumpAttack for CIFAR-10 and MNIST datasets for the case of L_2 norm based attack.  ...
arXiv:1909.10773v3 fatcat:s4n5hqweifddnjexbc7arakkqa

Performance Evaluation of Adversarial Attacks: Discrepancies and Solutions [article]

Jing Wu, Mingyi Zhou, Ce Zhu, Yipeng Liu, Mehrtash Harandi, Li Li
2021 arXiv   pre-print
By examining various attack algorithms, including gradient-based and query-based attacks, we notice the lack of a consensus on a uniform standard for unbiased performance evaluation.  ...  Accordingly, we propose a Piece-wise Sampling Curving (PSC) toolkit to effectively address the aforementioned discrepancy, by generating a comprehensive comparison among adversaries in a given range.  ...  But for some decision-based attacks like Boundary Attack and HopSkipJumpAttack, they actually have two measurements.  ... 
arXiv:2104.11103v1 fatcat:nh5kzkn2rzhkzp7vkfdh4g3xda

Tiki-Taka

Chaoyun Zhang, Xavier Costa-Perez, Paul Patras
2020 Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop  
In this paper, we introduce Tiki-Taka, a general framework for (i) assessing the robustness of state-of-the-art deep learning-based NIDS against adversarial manipulations, and which (ii) incorporates our  ...  The results obtained reveal that, under realistic constraints, attackers can evade NIDS with up to 35.7% success rates, by only altering time-based features of the traffic generated.  ...  Kuppa et al. consider a more realistic situation, performing black-box attacks against different deep learning-based detectors in decision-based and query-limited settings [28].  ...
doi:10.1145/3411495.3421359 fatcat:ispgcjohqvh6ji6faarl3vpkky

QAIR: Practical Query-efficient Black-Box Attacks for Image Retrieval [article]

Xiaodan Li, Jinfeng Li, Yuefeng Chen, Shaokai Ye, Yuan He, Shuhui Wang, Hang Su, Hui Xue
2021 arXiv   pre-print
To further boost the attack efficiency, a recursive model stealing method is proposed to acquire transferable priors on the target model and generate the prior-guided gradients.  ...  We study the query-based attack against image retrieval to evaluate its robustness against adversarial examples under the black-box setting, where the adversary only has query access to the top-k ranked  ...  Decision-based Attack: Decision-based attacks are a kind of query-based attack that requires only the decision of whether the attack succeeds.  ...
arXiv:2103.02927v2 fatcat:htkz2fsnyvc2nclkmbtapaln4u

LSDAT: Low-Rank and Sparse Decomposition for Decision-based Adversarial Attack [article]

Ashkan Esmaeili, Marzieh Edraki, Nazanin Rahnavard, Mubarak Shah, Ajmal Mian
2021 arXiv   pre-print
We demonstrate ℓ_0, ℓ_2 and ℓ_∞ bounded attacks with LSDAT to evince its efficiency compared to baseline decision-based attacks in diverse low-query budget scenarios as outlined in the experiments.  ...  We propose LSDAT, an image-agnostic decision-based black-box attack that exploits low-rank and sparse decomposition (LSD) to dramatically reduce the number of queries and achieve superior fooling rates  ...  CONCLUDING REMARKS A query-efficient decision-based adversarial attack (LSDAT) is introduced based on low-rank and sparse decomposition.  ... 
arXiv:2103.10787v2 fatcat:5o7n5l5xobbxrar7km36amdjri

Decision-based Black-box Attack Against Vision Transformers via Patch-wise Adversarial Removal [article]

Yucheng Shi, Yahong Han, Yu-an Tan, Xiaohui Kuang
2022 arXiv   pre-print
In addition, PAR can be used as a noise initialization method for other decision-based attacks to improve the noise compression efficiency on both ViTs and CNNs without introducing additional calculations  ...  In this paper, we theoretically analyze the limitations of existing decision-based attacks from the perspective of noise sensitivity difference between regions of the image, and propose a new decision-based  ...  PAR as Noise Initialization Method: As a query-efficient decision-based attack, PAR can also be used as a noise initialization method for other decision-based methods.  ...
arXiv:2112.03492v2 fatcat:25jgkzahjrhrtdvzifejv534aq

L-AutoDA: Leveraging Large Language Models for Automated Decision-based Adversarial Attacks [article]

Ping Guo, Fei Liu, Xi Lin, Qingchuan Zhao, Qingfu Zhang
2024 arXiv   pre-print
Decision-based attacks, which only require feedback on the decision of a model rather than detailed probabilities or scores, are particularly insidious and difficult to defend against.  ...  This work introduces L-AutoDA (Large Language Model-based Automated Decision-based Adversarial Attacks), a novel approach leveraging the generative capabilities of Large Language Models (LLMs) to automate  ...  We utilize a random-walk-based template to construct decision-based attacks, as outlined in Algorithm 1.  ... 
arXiv:2401.15335v1 fatcat:zdcjjw3gdrgtxa4czux6kpd7lu

QEBA: Query-Efficient Boundary-Based Blackbox Attack [article]

Huichen Li, Xiaojun Xu, Xiaolu Zhang, Shuang Yang, Bo Li
2020 arXiv   pre-print
In this paper, we propose a Query-Efficient Boundary-based blackbox Attack (QEBA) based only on model's final prediction labels.  ...  We theoretically show why previous boundary-based attack with gradient estimation on the whole gradient space is not efficient in terms of query numbers, and provide optimality analysis for our dimension  ...  Query-Efficient Boundary-based blackbox Attack (QEBA): In this section we first introduce the pipeline of QEBA which is based on HopSkipJumpAttack (HSJA) [9].  ...
arXiv:2005.14137v1 fatcat:ztslkmuamjb7tn2ikejbdmckym

QEBA: Query-Efficient Boundary-Based Blackbox Attack

Huichen Li, Xiaojun Xu, Xiaolu Zhang, Shuang Yang, Bo Li
2020 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)  
In this paper, we propose a Query-Efficient Boundary-based blackbox Attack (QEBA) based only on model's final prediction labels.  ...  We theoretically show why previous boundary-based attack with gradient estimation on the whole gradient space is not efficient in terms of query numbers, and provide optimality analysis for our dimension  ...  Query-Efficient Boundary-based blackbox Attack (QEBA): In this section we first introduce the pipeline of QEBA which is based on HopSkipJumpAttack (HSJA) [9].  ...
doi:10.1109/cvpr42600.2020.00130 dblp:conf/cvpr/LiXZYL20 fatcat:mjcnexwbsracbdzr5eg5pjrm3q

Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution [article]

Yan Feng, Baoyuan Wu, Yanbo Fan, Li Liu, Zhifeng Li, Shutao Xia
2021 arXiv   pre-print
The general idea is transferring partial parameters of the conditional adversarial distribution (CAD) of surrogate models, while learning the untransferred parameters based on queries to the target model  ...  To tackle this issue, we innovatively propose a black-box attack method by developing a novel mechanism of adversarial transferability, which is robust to the surrogate biases.  ...  In this section, we mainly discuss the related works of black-box adversarial attack methods, including decision-based and score-based adversarial attacks. Decision-based Adversarial Attacks.  ... 
arXiv:2006.08538v4 fatcat:pila4sc75few3picgf44csm46m
Showing results 1 — 15 out of 61 results