Consensus-based optimization for closed-box adversarial attacks and a connection to evolution strategies

TL;DR

This paper explores the use of consensus-based optimization (CBO) for closed-box adversarial attacks, establishing theoretical links to evolution strategies and demonstrating CBO's potential advantages through experiments.

Contribution

It introduces a connection between consensus hopping and evolution strategies, and shows CBO can outperform other methods in certain adversarial attack scenarios.

Findings

CBO can outperform NES in some attack scenarios

A theoretical link between CBO, NES, and gradient-based methods is established

Experimental results demonstrate CBO's effectiveness in black-box attacks

Abstract

Consensus-based optimization (CBO) has established itself as an efficient gradient-free optimization scheme, with attractive mathematical properties, such as mean-field convergence results for non-convex loss functions. In this work, we study CBO in the context of closed-box adversarial attacks, which are imperceptible input perturbations that aim to fool a classifier, without accessing its gradient. Our contribution is to establish a connection between the so-called consensus hopping as introduced by Riedl et al. and natural evolution strategies (NES) commonly applied in the context of adversarial attacks and to rigorously relate both methods to gradient-based optimization schemes. Beyond that, we provide a comprehensive experimental study that shows that despite the conceptual similarities, CBO can outperform NES and other evolutionary strategies in certain scenarios.