Hessian-Aware Zeroth-Order Optimization for Black-Box Adversarial Attack
Haishan Ye, Zhichao Huang, Cong Fang, Chris Junchi Li, Tong Zhang

TL;DR
This paper introduces ZO-HessAware, a Hessian-aware zeroth-order optimization algorithm that leverages second-order information to enhance black-box adversarial attacks on neural networks, achieving better success rates with fewer queries.
Contribution
It proposes a novel Hessian-aware zeroth-order method with improved convergence and query efficiency for black-box adversarial attacks, including new Hessian approximation techniques.
Findings
Achieves higher success rates in black-box adversarial attacks.
Reduces query complexity compared to existing zeroth-order methods.
Provides theoretical analysis of convergence improvements.
Abstract
Zeroth-order optimization is an important research topic in machine learning. In recent years, it has become a key tool in black-box adversarial attack to neural network based image classifiers. However, existing zeroth-order optimization algorithms rarely extract second-order information of the model function. In this paper, we utilize the second-order information of the objective function and propose a novel Hessian-aware zeroth-order algorithm called ZO-HessAware. Our theoretical result shows that ZO-HessAware has an improved zeroth-order convergence rate and query complexity under structured Hessian approximation, where we propose a few approximation methods for estimating Hessian. Our empirical studies on the black-box adversarial attack problem validate that our algorithm can achieve improved success rates with a lower query complexity.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advancements in Semiconductor Devices and Circuit Design · Physical Unclonable Functions (PUFs) and Hardware Security
