DeepSearch: A Simple and Effective Blackbox Attack for Deep Neural Networks
The work addresses security vulnerabilities in AI systems used in applications such as autonomous vehicles and facial recognition, though it is incremental, as it builds on existing blackbox attack techniques.
The paper tackles the problem of adversarial attacks on deep neural networks for image classification by introducing DeepSearch, a fuzzing-based blackbox attack that is more query-efficient and effective than state-of-the-art methods and that generates more subtle adversarial inputs.
Although deep neural networks have been very successful in image-classification tasks, they are prone to adversarial attacks. To generate adversarial inputs, there has emerged a wide variety of techniques, such as black- and whitebox attacks for neural networks. In this paper, we present DeepSearch, a novel fuzzing-based, query-efficient, blackbox attack for image classifiers. Despite its simplicity, DeepSearch is shown to be more effective in finding adversarial inputs than state-of-the-art blackbox approaches. DeepSearch is additionally able to generate the most subtle adversarial inputs in comparison to these approaches.