An Evolutionary, Gradient-Free, Query-Efficient, Black-Box Algorithm for Generating Adversarial Instances in Deep Networks

TL;DR

This paper presents QuEry Attack, a novel gradient-free, query-efficient black-box method for generating adversarial examples in deep neural networks, effective against various models and defenses without needing gradient information.

Contribution

Introduces QuEry Attack, a new gradient-free, score-based black-box attack that is more query-efficient and effective than existing methods, applicable to real-world scenarios.

Findings

Outperforms existing black-box attacks in accuracy and query efficiency

Effective against multiple state-of-the-art models and defenses

Works without gradient information, suitable for real-life applications

Abstract

Deep neural networks (DNNs) are sensitive to adversarial data in a variety of scenarios, including the black-box scenario, where the attacker is only allowed to query the trained model and receive an output. Existing black-box methods for creating adversarial instances are costly, often using gradient estimation or training a replacement network. This paper introduces \textbf{Qu}ery-Efficient \textbf{E}volutiona\textbf{ry} \textbf{Attack}, \textit{QuEry Attack}, an untargeted, score-based, black-box attack. QuEry Attack is based on a novel objective function that can be used in gradient-free optimization problems. The attack only requires access to the output logits of the classifier and is thus not affected by gradient masking. No additional information is needed, rendering our method more suitable to real-life situations. We test its performance with three different state-of-the-art models -- Inception-v3, ResNet-50, and VGG-16-BN -- against three benchmark datasets: MNIST, CIFAR10 and ImageNet. Furthermore, we evaluate QuEry Attack's performance on non-differential transformation defenses and state-of-the-art robust models. Our results demonstrate the superior performance of QuEry Attack, both in terms of accuracy score and query efficiency.