Evaluation of Four Black-box Adversarial Attacks and Some Query-efficient Improvement Analysis
Rui Wang
TL;DR
This paper analyzes four black-box adversarial attack algorithms, compares their effectiveness, and investigates how to improve the query efficiency of Square Attack by adjusting its square size.
Contribution
It provides a comprehensive comparison of four black-box attack methods and explores a novel approach to enhance Square Attack's query efficiency.
Findings
Square Attack's performance varies with square size.
Analysis of four black-box attack algorithms.
Potential improvements in query efficiency for Square Attack.
Abstract
With the fast development of machine learning technologies, deep learning models have been deployed in almost every aspect of everyday life. However, the privacy and security of these models are threatened by adversarial attacks. Among which black-box attack is closer to reality, where limited knowledge can be acquired from the model. In this paper, we provided basic background knowledge about adversarial attack and analyzed four black-box attack algorithms: Bandits, NES, Square Attack and ZOsignSGD comprehensively. We also explored the newly proposed Square Attack method with respect to square size, hoping to improve its query efficiency.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Network Security and Intrusion Detection