Abstract
Recent studies show that deep neural networks are vulnerable to adversarial attacks, and the research of adversarial attack has become a hotspot in the field of artificial intelligence security. The decision-based black-box attack is one of the most challenging problems in the field of adversarial attack. Decision-based black-box attacks usually have the problems of high query times and low attack success rate. Several algorithms have been proposed to solve this problem and one of the algorithms presented by Cheng et al. models this attack as an optimization problem. However, this algorithm is based on the method of adding perturbation to the whole pixel, the number of queries is still very high and the convergence perturbation is not necessarily the minimum. In this paper, we present an improved strategy based on stochastic coordinate selection, hoping to improve the query efficiency while reducing the distortion. The convergence of the improved algorithm is analysed, and experiments are carried out on CIFAR-10 and ImageNet datasets. It has been shown that, compared with the original algorithm, our algorithm can find lower distortion using the same number of queries, and the success rate can be improved to different degrees under different query restrictions.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
