Research

On the Design of Black-box Adversarial Examples by Leveraging Gradient-free Optimization and Operator Splitting Method

Optimization

Authors

Published on

07/26/2019

Robust machine learning is currently one of the most prominent topics which could potentially help shaping a future of advanced AI platforms that not only perform well in average cases but also in worst cases or adverse situations. Despite the long-term vision, however, existing studies on black-box adversarial attacks are still restricted to very specific settings of threat models (e.g., single distortion metric and restrictive assumption on target model’s feedback to queries) and/or suffer from prohibitively high query complexity. To push for further advances in this field, we introduce a general framework based on an operator splitting method, the alternating direction method of multipliers (ADMM) to devise efficient, robust black-box attacks that work with various distortion metrics and feedback settings without incurring high query complexity. Due to the black-box nature of the threat model, the proposed ADMM solution framework is integrated with zeroth-order (ZO) optimization and Bayesian optimization (BO), and thus is applicable to the gradient-free regime. This results in two new black-box adversarial attack generation methods, ZO-ADMM and BO-ADMM. Our empirical evaluations on image classification datasets show that our proposed approaches have much lower function query complexities compared to state-of-the-art attack methods, but achieve very competitive attack success rates.

Please cite our work using the BibTeX below.

@article{DBLP:journals/corr/abs-1907-11684,
  author    = {Pu Zhao and
               Sijia Liu and
               Pin{-}Yu Chen and
               Nghia Hoang and
               Kaidi Xu and
               Bhavya Kailkhura and
               Xue Lin},
  title     = {On the Design of Black-box Adversarial Examples by Leveraging Gradient-free
               Optimization and Operator Splitting Method},
  journal   = {CoRR},
  volume    = {abs/1907.11684},
  year      = {2019},
  url       = {http://arxiv.org/abs/1907.11684},
  archivePrefix = {arXiv},
  eprint    = {1907.11684},
  timestamp = {Thu, 01 Aug 2019 08:59:33 +0200},
  biburl    = {https://dblp.org/rec/journals/corr/abs-1907-11684.bib},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
Close Modal