BB-Patch: BlackBox Adversarial Patch-Attack using Zeroth-Order Optimization

TL;DR

This paper introduces BB-Patch, a black-box adversarial patch attack method using zeroth-order optimization, effective even with limited data and no access to model internals, highlighting vulnerabilities in deep learning models.

Contribution

Proposes a novel black-box adversarial patch attack leveraging zeroth-order optimization, suitable for real-world scenarios with limited data and no model access.

Findings

Effective attack with limited data

Applicable to various model architectures

Demonstrates vulnerability of deep learning models

Abstract

Deep Learning has become popular due to its vast applications in almost all domains. However, models trained using deep learning are prone to failure for adversarial samples and carry a considerable risk in sensitive applications. Most of these adversarial attack strategies assume that the adversary has access to the training data, the model parameters, and the input during deployment, hence, focus on perturbing the pixel level information present in the input image. Adversarial Patches were introduced to the community which helped in bringing out the vulnerability of deep learning models in a much more pragmatic manner but here the attacker has a white-box access to the model parameters. Recently, there has been an attempt to develop these adversarial attacks using black-box techniques. However, certain assumptions such as availability large training data is not valid for a real-life scenarios. In a real-life scenario, the attacker can only assume the type of model architecture used from a select list of state-of-the-art architectures while having access to only a subset of input dataset. Hence, we propose an black-box adversarial attack strategy that produces adversarial patches which can be applied anywhere in the input image to perform an adversarial attack.