Black-box Adversarial Attacks with Bayesian Optimization
Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, J. Zico Kolter
TL;DR
This paper introduces a query-efficient black-box adversarial attack method using Bayesian optimization, significantly reducing the number of queries needed compared to existing techniques, especially in low-query scenarios.
Contribution
The paper proposes a novel Bayesian optimization-based approach with effective dimension upsampling to enhance query efficiency in black-box adversarial attacks.
Findings
Achieves comparable attack success with fewer queries.
Reduces query count by up to 80% in low-query regimes.
Performs well on high-dimensional deep learning models.
Abstract
We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples using information limited to loss function evaluations of input-output pairs. We use Bayesian optimization~(BO) to specifically cater to scenarios involving low query budgets to develop query efficient adversarial attacks. We alleviate the issues surrounding BO in regards to optimizing high dimensional deep learning models by effective dimension upsampling techniques. Our proposed approach achieves performance comparable to the state of the art black-box adversarial attacks albeit with a much lower average query count. In particular, in low query budget regimes, our proposed method reduces the query count up to with respect to the state of the art methods.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security · Anomaly Detection Techniques and Applications