| Title | HopSkipJumpAttack: A Query-Efficient Decision-Based Attack |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Chen, Jianbo, Jordan, Michael I., Wainwright, Martin J. |
| Conference Name | 2020 IEEE Symposium on Security and Privacy (SP) |
| Keywords | Estimation, Iterative methods, Measurement, Metrics, Neural networks, Optimization, Perturbation methods, Predictive models, predictive security metrics, pubcrawl |
| Abstract | The goal of a decision-based adversarial attack on a trained model is to generate adversarial examples based solely on observing output labels returned by the targeted model. We develop HopSkipJumpAttack, a family of algorithms based on a novel estimate of the gradient direction using binary information at the decision boundary. The proposed family includes both untargeted and targeted attacks optimized for $\ell$ and $\ell_\infty$ similarity metrics respectively. Theoretical analysis is provided for the proposed algorithms and the gradient direction estimate. Experiments show HopSkipJumpAttack requires significantly fewer model queries than several state-of-the-art decision-based adversarial attacks. It also achieves competitive performance in attacking several widely-used defense mechanisms. |
| DOI | 10.1109/SP40000.2020.00045 |
| Citation Key | chen_hopskipjumpattack_2020 |