CorrAttack: Black-box Adversarial Attack with Structured Search

Zhichao Huang; Yaowei Huang; Tong Zhang

CorrAttack: Black-box Adversarial Attack with Structured Search

Zhichao Huang, Yaowei Huang, Tong Zhang

28 Sept 2020 (modified: 22 Oct 2023)ICLR 2021 Conference Blind SubmissionReaders: Everyone

Keywords: adversarial examples, black-box attack, bandits

Abstract: We present a new method for score-based adversarial attack, where the attacker queries the loss-oracle of the target model. Our method employs a parameterized search space with a structure that captures the relationship of the gradient of the loss function. We show that searching over the structured space can be approximated by a time-varying contextual bandits problem, where the attacker takes feature of the associated arm to make modifications of the input, and receives an immediate reward as the reduction of the loss function. The time-varying contextual bandits problem can then be solved by a Bayesian optimization procedure, which can take advantage of the features of the structured action space. The experiments on ImageNet and the Google Cloud Vision API demonstrate that the proposed method achieves the state of the art success rates and query efficiencies for both undefended and defended models.

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics

Supplementary Material: zip

Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 1 code implementation](https://www.catalyzex.com/paper/arxiv:2010.01250/code)

Reviewed Version (pdf): https://openreview.net/references/pdf?id=QcJzmJzVI

11 Replies

Loading