Sign-OPT: A Query-Efficient Hard-label Adversarial Attack

Cheng, Minhao; Singh, Simranjit; Chen, Patrick; Chen, Pin-Yu; Liu, Sijia; Hsieh, Cho-Jui

doi:10.48550/arXiv.1909.10773

Title: Sign-OPT: A Query-Efficient Hard-label Adversarial Attack

Conference · Sun Apr 26 00:00:00 EDT 2020

DOI:https://doi.org/10.48550/arXiv.1909.10773· OSTI ID:1958845

Cheng, Minhao; Singh, Simranjit; Chen, Patrick; Chen, Pin-Yu; Liu, Sijia; Hsieh, Cho-Jui

We study the most practical problem setup for evaluating adversarial robustness of a machine learning system with limited access: the hard-label black-box attack setting for generating adversarial examples, where limited model queries are allowed and only the decision is provided to a queried data input. Several algorithms have been proposed for this problem but they typically require huge amount (>20,000) of queries for attacking one example. Among them, one of the state-of-the-art approaches (Cheng et al., 2019) showed that hard-label attack can be modeled as an optimization problem where the objective function can be evaluated by binary search with additional model queries, thereby a zeroth order optimization algorithm can be applied. In this paper, we adopt the same optimization formulation but propose to directly estimate the sign of gradient at any direction instead of the gradient itself, which enjoys the benefit of single query. Using this single query oracle for retrieving sign of directional derivative, we develop a novel query-efficient Sign-OPT approach for hard-label black-box attack. We provide a convergence analysis of the new algorithm and conduct experiments on several models on MNIST, CIFAR-10 and ImageNet. We find that Sign-OPT attack consistently requires 5X to 10X fewer queries when compared to the current state-of-the-art approaches, and usually converges to an adversarial example with smaller perturbation.

View Conference

Cite

Export

Save

Research Organization:: Univ. of Nevada, Reno, NV (United States)

Sponsoring Organization:: USDOE Office of Electricity (OE)

DOE Contract Number:: OE0000911

OSTI ID:: 1958845

Resource Relation:: Conference: 8th International Conference on Learning Representations, ICLR 2020, Virtual, 26 April - 1 May 2020

Country of Publication:: United States

Language:: English

Similar Records

Towards Query-Efficient Black-Box Adversary with Zeroth-Order Natural Gradient Descent

Conference · Fri Apr 03 00:00:00 EDT 2020 · Proceedings of the AAAI Conference on Artificial Intelligence · OSTI ID:1958845

Zhao, Pu; Chen, Pin-yu; Wang, Siyue; +1 more

Exploiting the Local Parabolic Landscapes of Adversarial Losses to Accelerate Black-Box Adversarial Attack

Conference · Tue Nov 01 00:00:00 EDT 2022 · OSTI ID:1958845

Tran, Hoang; Lu, Dan; Zhang, Guannan

Adaptive activation functions accelerate convergence in deep and physics-informed neural networks

Journal Article · Mon Nov 25 00:00:00 EST 2019 · Journal of Computational Physics · OSTI ID:1958845

Jagtap, Ameya D.; Kawaguchi, Kenji; Karniadakis, George Em

Title: Sign-OPT: A Query-Efficient Hard-label Adversarial Attack

Citation Formats

Similar Records

Related Subjects