Black-box Adversarial Attacks with Bayesian Optimization
This addresses the challenge of query-efficient adversarial attacks for machine learning security, though it is incremental as it builds on existing black-box methods.
The paper tackles the problem of generating adversarial examples in black-box settings with limited query budgets, achieving up to 80% reduction in query count compared to state-of-the-art methods.
We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples using information limited to loss function evaluations of input-output pairs. We use Bayesian optimization~(BO) to specifically cater to scenarios involving low query budgets to develop query efficient adversarial attacks. We alleviate the issues surrounding BO in regards to optimizing high dimensional deep learning models by effective dimension upsampling techniques. Our proposed approach achieves performance comparable to the state of the art black-box adversarial attacks albeit with a much lower average query count. In particular, in low query budget regimes, our proposed method reduces the query count up to $80\%$ with respect to the state of the art methods.