| Title | A Black-Box Approach to Generate Adversarial Examples Against Deep Neural Networks for High Dimensional Input |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Song, Chengru, Xu, Changqiao, Yang, Shujie, Zhou, Zan, Gong, Changhui |
| Conference Name | 2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC) |
| Date Published | jun |
| Keywords | adversarial examples, adversarial perturbations, approximation theory, Black Box Security, black-box approach, black-box setting, CNNs, composability, Conferences, Cyberspace, Data Science, deep neural networks, extensive recent works, face recognition, generate adversarial examples, generating adversarial samples, gradient methods, high dimensional, image classification, Iterative methods, learning (artificial intelligence), learning models, linear fine-grained search, linear regression model, machine-to-machine communications, Metrics, minimizing noncontinuous function, model parameters, neural nets, noncontinuous step function problem, numerous advanced image classifiers, optimisation, pubcrawl, queries, query processing, regression analysis, resilience, Resiliency, security of data, white-box setting, Zeroth order, zeroth order optimization algorithm, zeroth-order optimization method |
| Abstract | Generating adversarial samples is gathering much attention as an intuitive approach to evaluate the robustness of learning models. Extensive recent works have demonstrated that numerous advanced image classifiers are defenseless to adversarial perturbations in the white-box setting. However, the white-box setting assumes attackers to have prior knowledge of model parameters, which are generally inaccessible in real world cases. In this paper, we concentrate on the hard-label black-box setting where attackers can only pose queries to probe the model parameters responsible for classifying different images. Therefore, the issue is converted into minimizing non-continuous function. A black-box approach is proposed to address both massive queries and the non-continuous step function problem by applying a combination of a linear fine-grained search, Fibonacci search, and a zeroth order optimization algorithm. However, the input dimension of a image is so high that the estimation of gradient is noisy. Hence, we adopt a zeroth-order optimization method in high dimensions. The approach converts calculation of gradient into a linear regression model and extracts dimensions that are more significant. Experimental results illustrate that our approach can relatively reduce the amount of queries and effectively accelerate convergence of the optimization method. |
| DOI | 10.1109/DSC.2019.00078 |
| Citation Key | song_black-box_2019 |
A Black-Box Approach to Generate Adversarial Examples Against Deep Neural Networks for High Dimensional Input