
Research Article
Towards High Transferability on Neural Network for Black-Box Adversarial Attacks
@INPROCEEDINGS{10.1007/978-3-031-25538-0_5,
  author={Haochen Zhai and Futai Zou and Junhua Tang and Yue Wu},
  title={Towards High Transferability on Neural Network for Black-Box Adversarial Attacks},
  proceedings={Security and Privacy in Communication Networks. 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings},
  proceedings_a={SECURECOMM},
  year={2023},
  month={2},
  keywords={Black-box attack Meta learning Adversarial examples Query},
  doi={10.1007/978-3-031-25538-0_5}
}
- Haochen Zhai
- Futai Zou
- Junhua Tang
- Yue Wu
Year: 2023
SECURECOMM
Springer
DOI: 10.1007/978-3-031-25538-0_5
Abstract
Adversarial examples are one of the biggest potential risks faced by modern neural networks, threatening applications with high sensitiveness. To improve the efficiency of black-box attacks, and eventually achieve the purpose of reducing the query number by a large margin while keeping a high attack success rate, we propose a NES-based gradient estimation method, which greatly reduces the queries in a heuristic way. We also use ADAM-based perturbation update rules to improve the strength of iterative attacks. Besides, to make the whole method more flexible, meta learning is introduced to generate gradients on multiple substitute models and train an initial meta model with stronger generalization ability for online attacks. Experiments on MNIST and CIFAR10 show that the META-NES-ADAM attack greatly reduces query number while sacrificing a little attack success rate when attacking black-box models.