Query-efficient Meta Attack to Deep Neural Networks

TL;DR

This paper introduces a meta learning-based black-box attack method for deep neural networks that significantly reduces query requirements while maintaining attack effectiveness across various models.

Contribution

It presents a novel meta attack approach leveraging meta learning to improve query efficiency and generalizability in black-box DNN attacks.

Findings

Reduces number of queries needed for effective attacks

Achieves high attack success rate across multiple datasets

Demonstrates adaptability to different models

Abstract

Black-box attack methods aim to infer suitable attack patterns to targeted DNN models by only using output feedback of the models and the corresponding input queries. However, due to lack of prior and inefficiency in leveraging the query and feedback information, existing methods are mostly query-intensive for obtaining effective attack patterns. In this work, we propose a meta attack approach that is capable of attacking a targeted model with much fewer queries. Its high queryefficiency stems from effective utilization of meta learning approaches in learning generalizable prior abstraction from the previously observed attack patterns and exploiting such prior to help infer attack patterns from only a few queries and outputs. Extensive experiments on MNIST, CIFAR10 and tiny-Imagenet demonstrate that our meta-attack method can remarkably reduce the number of model queries without sacrificing the attack performance. Besides, the obtained meta attacker is not restricted to a particular model but can be used easily with a fast adaptive ability to attack a variety of models.The code of our work is available at https://github.com/dydjw9/MetaAttack_ICLR2020/.