TL;DR
This paper systematically studies adversarial attacks on real-world deep learning models in Android apps, revealing current methods' limited effectiveness and proposing adaptations that significantly improve attack success rates.
Contribution
The paper introduces a comprehensive dataset of real-world DL models from Android apps and develops adapted attack algorithms for black-box models, bridging the gap between theoretical and practical adversarial attacks.
Findings
Current AE algorithms attack only 6.53% of real-world models.
Proposed methods increase attack success rate to 47.35%.
Analyzed 245 models from 62,583 apps to evaluate attack effectiveness.
Abstract
Famous for its superior performance, deep learning (DL) has been popularly used within many applications, which at the same time attracts various threats to the models. One primary threat comes from adversarial attacks. Researchers have intensively studied this threat for several years and proposed dozens of approaches to create adversarial examples (AEs). But most of the approaches are only evaluated on limited models and datasets (e.g., MNIST, CIFAR-10). Thus, the effectiveness of attacking real-world DL models is not quite clear. In this paper, we perform the first systematic study of adversarial attacks on real-world DNN models and provide a real-world model dataset named RWM. Particularly, we design a suite of approaches to adapt current AE generation algorithms to the diverse real-world DL models, including automatically extracting DL models from Android apps, capturing the…