Abstract
Due to the importance of security, the adversarial attack has become an increasingly popular area for deep learning, especially the black-box adversarial attack, which can only obtain the input and output of the target model, resulting in closer to the real world. Query-based methods are a common strategy for performing black-box attacks, and they can find a slight perturbation to make target model misclassify by continuously querying the target model to obtain the output of the target model. However, query-based methods usually suffer from a serious flaw that needs massive queries, which is unaccepted in the real world. Although some query-efficient methods have been proposed to alleviate the above problems, they greatly sacrifice the quality of adversarial examples due to their problem formulations. To generate high-quality adversarial examples with a limited query budget, we propose a Bayesian evolutionary optimization (BEO) based black-box attack method using differential evolution, where a Gaussian processes model is employed to approximate the real objective function. As a key component of the BEO, we use seven acquisition functions to sample the new solution to update the Gaussian processes model, and an information entropy based selection strategy is proposed to adaptively choose the acquisition function. Finally, an effectiveness validation study is carried out comparing the proposed method with five other black-box attack methods and one Bayesian optimization (BO) method using the CIFAR-10 and ImageNet datasets. Experimental results demonstrate that the proposed method can effectively generate adversarial examples using only 200 queries.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.