2021 IEEE International Conference on Image Processing
19-22 September 2021 • Anchorage, Alaska, USA
Imaging Without Borders
| Paper ID | IFS-2.6 | ||
| Paper Title | ROBUST DECISION-BASED BLACK-BOX ADVERSARIAL ATTACK VIA COARSE-TO-FINE RANDOM SEARCH | ||
| Authors | Byeong Cheon Kim, Youngjoon Yu, Yong Man Ro, Korea Advanced Institute of Science and Technology, Republic of Korea | ||
| Session | IFS-2: Information Forensics and Security | ||
| Location | Area K | ||
| Session Time: | Monday, 20 September, 15:30 - 17:00 | ||
| Presentation Time: | Monday, 20 September, 15:30 - 17:00 | ||
| Presentation | Poster | ||
| Topic | Information Forensics and Security: Multimedia forensics | ||
| IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
| Abstract | Many studies on reducing the adversarial vulnerability of deep neural networks have been published in the field of machine learning. To evaluate the actual robustness of networks, various adversarial attacks have been proposed. Most previous works have focused on white-box settings which assume that the adversary can have full access to the target models. Since they are not practical in real-world situations, recent studies on black-box attacks have received a lot of attention. However, existing black-box attacks have critical limitations, such as yielding a low attack success rate or relying too much on gradient estimation and decision boundaries. Those attacks are ineffective against weak defenses using gradient obfuscation. In this paper, we propose a novel gradient-free decision-based black-box attack using random search optimization. The proposed method only needs a hard-label (decision-based) and is effective against defenses using gradient obfuscation. Experimental results validate its query-efficiency and improved L2 distance. | ||