Machine learning (ML), especially deep neural networks (DNNs) have been widely used in various applications, including several safety-critical ones (e.g. autonomous driving). As a result, recent research about adversarial examples has raised great concerns. Such adversarial attacks can be achieved by adding a small magnitude of perturbation to the input to mislead model prediction. While several whitebox attacks have demonstrated their effectiveness, which assume that the attackers have full access to the machine learning models; blackbox attacks are more realistic in practice. In this paper, we propose a Query-Efficient Boundary-based blackbox Attack (QEBA) based only on model's final prediction labels. We theoretically show why previous boundary-based attack with gradient estimation on the whole gradient space is not efficient in terms of query numbers, and provide optimality analysis for our dimension reduction-based gradient estimation. On the other hand, we conducted extensive experiments on ImageNet and CelebA datasets to evaluate QEBA. We show that compared with the state-of-the-art blackbox attacks, QEBA is able to use a smaller number of queries to achieve a lower magnitude of perturbation with 100% attack success rate. We also show case studies of attacks on real-world APIs including MEGVII Face++ and Microsoft Azure.
翻译:在各种应用中广泛使用机器学习(ML),特别是深心神经网络(DNNS),特别是深心神经网络(DNNS),包括若干安全临界黑盒攻击(QEBA),因此,最近对对抗性例子的研究引起了极大的关注。这种对抗性攻击可以通过在输入模型预测中增加小程度的扰动来达到。虽然一些白箱攻击表明其有效性,认为攻击者可以充分利用机器学习模型;黑盒攻击在实践中更为现实。我们在本文件中提议,只根据模型的最后预测标签来进行快速、高效的边界黑盒攻击(QEBA)。我们理论上表明,为什么以前以梯度估计整个梯度空间的基于边界的攻击在查询数字方面效率不高,并为我们的尺寸降低梯度估计提供最佳性分析。另一方面,我们在图像网和CelebA数据集上进行了广泛的实验,以评价QEBA。我们显示,与州-艺术黑盒攻击相比,QEBA能够使用更小数量的基于梯度攻击,包括AS AS-B AS AS AS AS AS AS AS AS ASV ASV ASV AS ASV prampal prampbreal practal press press press press pressal pressal pressal pressal pressal ex a a a a ex a ex ex ex ex ex press press press express expressal apressal expressal expressal express ex acre apress press pressal action acuction acre action action action action ex acre action action action action action action action action action abre action actions acal acal acal action action action action action actions actions a ex apress actions a a a a action action a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a
相关内容
- Today (iOS and OS X): widgets for the Today view of Notification Center
- Share (iOS and OS X): post content to web services or share content with others
- Actions (iOS and OS X): app extensions to view or manipulate inside another app
- Photo Editing (iOS): edit a photo or video in Apple's Photos app with extensions from a third-party apps
- Finder Sync (OS X): remote file storage in the Finder with support for Finder content annotation
- Storage Provider (iOS): an interface between files inside an app and other apps on a user's device
- Custom Keyboard (iOS): system-wide alternative keyboards
Source: iOS 8 Extensions: Apple’s Plan for a Powerful App Ecosystem
微信扫码咨询专知VIP会员