Theoretical Corrections and the Leveraging of Reinforcement Learning to Enhance Triangle Attack

TL;DR

This paper introduces TARL, a reinforcement learning-based decision black-box attack that improves upon Triangle Attack by reducing query count while maintaining or enhancing attack accuracy on image classifiers.

Contribution

It proposes a novel reinforcement learning approach to decision-based black-box attacks, overcoming theoretical limitations of Triangle Attack and improving efficiency.

Findings

TARL achieves similar or better attack accuracy than TA.

TARL uses half the number of queries compared to TA.

Effective on state-of-the-art classifiers and defenses across ImageNet and CIFAR-10.

Abstract

Adversarial examples represent a serious issue for the application of machine learning models in many sensitive domains. For generating adversarial examples, decision based black-box attacks are one of the most practical techniques as they only require query access to the model. One of the most recently proposed state-of-the-art decision based black-box attacks is Triangle Attack (TA). In this paper, we offer a high-level description of TA and explain potential theoretical limitations. We then propose a new decision based black-box attack, Triangle Attack with Reinforcement Learning (TARL). Our new attack addresses the limits of TA by leveraging reinforcement learning. This creates an attack that can achieve similar, if not better, attack accuracy than TA with half as many queries on state-of-the-art classifiers and defenses across ImageNet and CIFAR-10.