Black-box Adversarial Example Generation with Normalizing Flows
Hadi M. Dolatabadi, Sarah Erfani, Christopher Leckie

TL;DR
This paper introduces a novel black-box adversarial attack method leveraging normalizing flows, enabling the generation of realistic adversarial examples that closely resemble original data, and demonstrates its effectiveness against existing attacks.
Contribution
The paper presents a new black-box attack technique using normalizing flows to generate realistic adversarial examples, improving attack performance over existing methods.
Findings
The proposed method effectively generates realistic adversarial examples.
It outperforms existing black-box attack techniques.
The approach demonstrates strong transferability and success rate.
Abstract
Deep neural network classifiers suffer from adversarial vulnerability: well-crafted, unnoticeable changes to the input data can affect the classifier decision. In this regard, the study of powerful adversarial attacks can help shed light on sources of this malicious behavior. In this paper, we propose a novel black-box adversarial attack using normalizing flows. We show how an adversary can be found by searching over a pre-trained flow-based model base distribution. This way, we can generate adversaries that resemble the original data closely as the perturbations are in the shape of the data. We then demonstrate the competitive performance of the proposed approach against well-known black-box adversarial attack methods.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
