U.S. Department of Energy
Office of Scientific and Technical Information

Exploiting the Local Parabolic Landscapes of Adversarial Losses to Accelerate Black-Box Adversarial Attack

Conference ·
Existing black-box adversarial attacks on image classifiers update the perturbation at each iteration from only a small number of queries of the loss function. Since the queries contain very limited information about the loss, black-box methods usually require many more queries than white-box methods. We propose to improve the query efficiency of black-box methods by exploiting the smoothness of the local loss landscape. However, many adversarial losses are not locally smooth with respect to pixel perturbations. To resolve this issue, our first contribution is to theoretically and experimentally justify that the adversarial losses of many standard and robust image classifiers behave like parabolas with respect to perturbations in the Fourier domain. Our second contribution is to exploit the parabolic landscape to build a quadratic approximation of the loss around the current state, and use this approximation to interpolate the loss value as well as update the perturbation without additional queries. Since the local region is already informed by the quadratic fitting, we use large perturbation steps to explore far areas. We demonstrate the efficiency of our method on MNIST, CIFAR-10 and ImageNet datasets for various standard and robust models, as well as on Google Cloud Vision. The experimental results show that exploiting the loss landscape can help significantly reduce the number of queries and increase the success rate. Our code is available at https://github.com/HoangATran/BABIES.
Research Organization: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC05-00OR22725
OSTI ID: 1997810
Country of Publication: United States
Language: English

