Do Not Overestimate Black-box Attacks
Track: long paper (up to 4 pages)
Keywords: Adversarial Attacks, Black-box Attacks, Image Classification, Cloud Service
TL;DR: Black-box attacks against Cloud APIs are not as effective as proposed in research papers due to several common mistakes.
Abstract: As cloud computing becomes pervasive, deep learning models are deployed on cloud servers and then provided as APIs to end users. However, black-box adversarial attacks can fool image classification models without access to model structure and weights. Recent studies have reported attack success rates of over 95\% with fewer than 1,000 queries. Then the question arises: whether black-box attacks have become a real threat against cloud APIs? To shed some light on this, our research indicates that black-box attacks are not as effective against cloud APIs as proposed in research papers due to several common mistakes that overestimate the efficiency of black-box attacks. To avoid similar mistakes, we conduct black-box attacks directly on cloud APIs rather than local models.
Anonymization: This submission has been anonymized for double-blind review via the removal of identifying information such as names, affiliations, and identifying URLs.
Submission Number: 5
Loading