Black-box Adversarial Attacks with Bayesian Optimization

Satya Narayan Shukla; Anit Kumar Sahu; Devin Willmott; J. Zico Kolter

Black-box Adversarial Attacks with Bayesian Optimization

Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, J. Zico Kolter

25 Sept 2019 (modified: 22 Oct 2023)ICLR 2020 Conference Blind SubmissionReaders: Everyone

TL;DR: We show that a relatively simple black-box adversarial attack scheme using Bayesian optimization and dimension upsampling is preferable to existing methods when the number of available queries is very low.

Abstract: We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples using information limited to loss function evaluations of input-output pairs. We use Bayesian optimization (BO) to specifically cater to scenarios involving low query budgets to develop query efficient adversarial attacks. We alleviate the issues surrounding BO in regards to optimizing high dimensional deep learning models by effective dimension upsampling techniques. Our proposed approach achieves performance comparable to the state of the art black-box adversarial attacks albeit with a much lower average query count. In particular, in low query budget regimes, our proposed method reduces the query count up to 80% with respect to the state of the art methods.

Keywords: black-box adversarial attacks, bayesian optimization

Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 2 code implementations](https://www.catalyzex.com/paper/arxiv:1909.13857/code)

Original Pdf: pdf

10 Replies

Loading