Acceso al sitio web del Consejo de Políticas de Infraestructura
REVISTA
Algorithms

   
Inicio  /  Algorithms  /  Vol: 15 Par: 11 (2022)  /  Artículo
ARTÍCULO
TITULO

An Evolutionary, Gradient-Free, Query-Efficient, Black-Box Algorithm for Generating Adversarial Instances in Deep Convolutional Neural Networks

Raz Lapid    
Zvika Haramaty and Moshe Sipper    

Resumen

Deep neural networks (DNNs) are sensitive to adversarial data in a variety of scenarios, including the black-box scenario, where the attacker is only allowed to query the trained model and receive an output. Existing black-box methods for creating adversarial instances are costly, often using gradient estimation or training a replacement network. This paper introduces Query-Efficient Evolutionary Attack?QuEry Attack?an untargeted, score-based, black-box attack. QuEry Attack is based on a novel objective function that can be used in gradient-free optimization problems. The attack only requires access to the output logits of the classifier and is thus not affected by gradient masking. No additional information is needed, rendering our method more suitable to real-life situations. We test its performance with three different, commonly used, pretrained image-classifications models?Inception-v3, ResNet-50, and VGG-16-BN?against three benchmark datasets: MNIST, CIFAR10 and ImageNet. Furthermore, we evaluate QuEry Attack?s performance on non-differential transformation defenses and robust models. Our results demonstrate the superior performance of QuEry Attack, both in terms of accuracy score and query efficiency.

PÁGINAS
pp. 0 - 0

 Artículos similares

       
 
Thomas T. H. Wan and Hunter S. Wan    
Context. This commentary is based on an innovative approach to the development of predictive analytics. It is centered on the development of predictive models for varying stages of chronic disease through integrating all types of datasets, adds various n... ver más
Revista: AI

 
Kazuki Koga and Kazuhiro Takemoto    
Universal adversarial attacks, which hinder most deep neural network (DNN) tasks using only a single perturbation called universal adversarial perturbation (UAP), are a realistic security threat to the practical application of a DNN for medical imaging. ... ver más
Revista: Algorithms

 
Adel Younis and Zuomin Dong    
The employment of conventional optimization procedures that must be repeatedly invoked during the optimization process in real-world engineering applications is hindered despite significant gains in computing power by computationally expensive models. As... ver más
Revista: Algorithms

 
Andreas Maniatopoulos, Paraskevi Alvanaki and Nikolaos Mitianoudis    
The recent boom of artificial Neural Networks (NN) has shown that NN can provide viable solutions to a variety of problems. However, their complexity and the lack of efficient interpretation of NN architectures (commonly considered black box techniques) ... ver más
Revista: Information

 
Abel Garcia-Barrientos, David Torres-Uresti, Francisco R. Castillo-Soria, Ulises Pineda-Rico, Jose Antonio Hoyo-Montaño, Obed Perez-Cortes and Patricio Ordaz-Oliver    
The design and implementation of a car?s black box system using a Raspberry Pi microcomputer and an Internet of things module is presented in this research. This system was built using a Raspberry Pi microcomputer and different sensors, including a GPS, ... ver más
Revista: Applied Sciences