Query-Efficient Adversarial Attack Based on Latin Hypercube Sampling

TL;DR

This paper introduces a Latin Hypercube Sampling based Boundary Attack (LHS-BA) that significantly reduces the number of model queries needed for effective adversarial attacks, outperforming traditional methods on multiple datasets.

Contribution

The paper proposes a novel LHS-BA method that improves query efficiency in boundary attacks by using Latin Hypercube Sampling instead of simple random sampling.

Findings

LHS-BA achieves higher query efficiency than state-of-the-art methods.

Experimental results on MNIST, CIFAR, and ImageNet-1K validate the effectiveness of LHS-BA.

LHS-BA maintains a high attack success rate with fewer queries.

Abstract

In order to be applicable in real-world scenario, Boundary Attacks (BAs) were proposed and ensured one hundred percent attack success rate with only decision information. However, existing BA methods craft adversarial examples by leveraging a simple random sampling (SRS) to estimate the gradient, consuming a large number of model queries. To overcome the drawback of SRS, this paper proposes a Latin Hypercube Sampling based Boundary Attack (LHS-BA) to save query budget. Compared with SRS, LHS has better uniformity under the same limited number of random samples. Therefore, the average on these random samples is closer to the true gradient than that estimated by SRS. Various experiments are conducted on benchmark datasets including MNIST, CIFAR, and ImageNet-1K. Experimental results demonstrate the superiority of the proposed LHS-BA over the state-of-the-art BA methods in terms of query efficiency. The source codes are publicly available at https://github.com/GZHU-DVL/LHS-BA.