Distributed Black-box Attack: Do Not Overestimate Black-box Attacks
Han Wu, Sareh Rowlands, Johan Wahlstrom

TL;DR
This paper critically examines the effectiveness of black-box adversarial attacks on cloud API models, revealing that previous high success rates are overestimated due to common mistakes, and emphasizes testing attacks directly on cloud services.
Contribution
It highlights the overestimation of black-box attack success rates and advocates for evaluating attacks directly on cloud APIs to obtain realistic assessments.
Findings
Black-box attacks are less effective on cloud APIs than previously reported.
Common mistakes lead to overestimating attack success rates.
Direct testing on cloud APIs provides more accurate evaluations.
Abstract
As cloud computing becomes pervasive, deep learning models are deployed on cloud servers and then provided as APIs to end users. However, black-box adversarial attacks can fool image classification models without access to model structure and weights. Recent studies have reported attack success rates of over 95% with fewer than 1,000 queries. The question then arises: have black-box attacks become a real threat against cloud APIs? To shed some light on this, our research indicates that black-box attacks are not as effective against cloud APIs as proposed in research papers due to several common mistakes that overestimate the efficiency of black-box attacks. To avoid similar mistakes, we conduct black-box attacks directly on cloud APIs rather than local models.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · COVID-19 diagnosis using AI
