Adversarial Eigen Attack on BlackBox Models

Title: Adversarial Eigen Attack on BlackBox Models
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Zhou, Linjun; Cui, Peng; Zhang, Xingxuan; Jiang, Yinan; Yang, Shiqiang
Conference Name: 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
Date Published: jun
Keywords: Adversarial attack and defense, Black Box Attacks, composability, Computational modeling, Computer vision, Data models, Deep Learning, Jacobian matrices, machine learning, Metrics, Optimization methods, Perturbation methods, pubcrawl, Resiliency, Training data
Abstract: Black-box adversarial attack has aroused much research attention for its difficulty on nearly no available information of the attacked model and the additional constraint on the query budget. A common way to improve attack efficiency is to transfer the gradient information of a white-box substitute model trained on an extra dataset. In this paper, we deal with a more practical setting where a pre-trained white-box model with network parameters is provided without extra training data. To solve the model mismatch problem between the white-box and black-box models, we propose a novel algorithm EigenBA by systematically integrating gradient-based white-box method and zeroth-order optimization in black-box methods. We theoretically show the optimal directions of perturbations for each step are closely related to the right singular vectors of the Jacobian matrix of the pretrained white-box model. Extensive experiments on ImageNet, CIFAR-10 and WebVision show that EigenBA can consistently and significantly outperform state-of-the-art baselines in terms of success rate and attack efficiency.
DOI: 10.1109/CVPR52688.2022.01482
Citation Key: zhou_adversarial_2022