Towards Efficient Data Free Blackbox Adversarial Attack

Title: Towards Efficient Data Free Blackbox Adversarial Attack
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Zhang, Jie; Li, Bo; Xu, Jianghe; Wu, Shuang; Ding, Shouhong; Zhang, Lei; Wu, Chao
Conference Name: 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
Keywords: Adversarial attack and defense, Black Box Attacks, composability, Computational modeling, Computer vision, Data models, data privacy, generative adversarial networks, machine learning, Metrics, pubcrawl, Resiliency, Training data
Abstract: Classic black-box adversarial attacks can take advantage of transferable adversarial examples generated by a similar substitute model to successfully fool the target model. However, these substitute models need to be trained by target models' training data, which is hard to acquire due to privacy or transmission reasons. Recognizing the limited availability of real data for adversarial queries, recent works proposed to train substitute models in a data-free black-box scenario. However, their generative adversarial networks (GANs) based framework suffers from the convergence failure and the model collapse, resulting in low efficiency. In this paper, by rethinking the collaborative relationship between the generator and the substitute model, we design a novel black-box attack framework. The proposed method can efficiently imitate the target model through a small number of queries and achieve high attack success rate. The comprehensive experiments over six datasets demonstrate the effectiveness of our method against the state-of-the-art attacks. Especially, we conduct both label-only and probability-only attacks on the Microsoft Azure online model, and achieve a 100% attack success rate with only 0.46% query budget of the SOTA method [49].
DOI: 10.1109/CVPR52688.2022.01469
Citation Key: zhang_towards_2022