Effective Universal Unrestricted Adversarial Attacks using a MOE Approach
A.E. Baia, G. Di Bari, V. Poggioni
TL;DR
This paper introduces a multi-objective nested evolutionary algorithm that generates universal, effective, and undetectable adversarial image attacks in black-box scenarios by applying image filters.
Contribution
It presents a novel multi-objective nested evolutionary approach for creating universal adversarial examples using image filters, considering both attack success and detection rates.
Findings
Effective generation of undetectable adversarial attacks
High success rate in black-box scenarios
Filters can fool classifiers while evading detection
Abstract
Recent studies have shown that Deep Leaning models are susceptible to adversarial examples, which are data, in general images, intentionally modified to fool a machine learning classifier. In this paper, we present a multi-objective nested evolutionary algorithm to generate universal unrestricted adversarial examples in a black-box scenario. The unrestricted attacks are performed through the application of well-known image filters that are available in several image processing libraries, modern cameras, and mobile applications. The multi-objective optimization takes into account not only the attack success rate but also the detection rate. Experimental results showed that this approach is able to create a sequence of filters capable of generating very effective and undetectable attacks.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Physical Unclonable Functions (PUFs) and Hardware Security