SemiAdv: Query-Efficient Black-Box Adversarial Attack with Unlabeled Images

TL;DR

SemiAdv introduces a semi-supervised, query-efficient black-box adversarial attack method that effectively uses unlabeled data, significantly reducing query counts while maintaining high success rates.

Contribution

The paper presents SemiAdv, a novel semi-supervised approach that decreases query complexity and relaxes data labeling requirements in black-box adversarial attacks.

Findings

SemiAdv achieves over 90% attack success rate with only a few hundred queries.

It reduces query accesses by up to 12 times compared to previous methods.

SemiAdv effectively utilizes unlabeled data for adversarial attack generation.

Abstract

Adversarial attack has garnered considerable attention due to its profound implications for the secure deployment of robots in sensitive security scenarios. To potentially push for advances in the field, this paper studies the adversarial attack in the black-box setting and proposes an unlabeled data-driven adversarial attack method, called SemiAdv. Specifically, SemiAdv achieves the following breakthroughs compared with previous works. First, by introducing the semi-supervised learning technique into the adversarial attack, SemiAdv substantially decreases the number of queries required for generating adversarial samples. On average, SemiAdv only needs to query a few hundred times to launch an effective attack with more than 90% success rate. Second, many existing black-box adversarial attacks require massive labeled data to mitigate the difference between the local substitute model and the remote target model for a good attack performance. While SemiAdv relaxes this limitation and is capable of utilizing unlabeled raw data to launch an effective attack. Finally, our experiments show that SemiAdv saves up to 12x query accesses for generating adversarial samples while maintaining a competitive attack success rate compared with state-of-the-art attacks.