Evaluation of Four Black-box Adversarial Attacks and Some Query-efficient Improvement Analysis
This work addresses security threats to deployed deep learning models by analyzing and optimizing black-box attacks, but it is incremental as it builds on existing methods.
The paper evaluated four black-box adversarial attack algorithms (Bandits, NES, Square Attack, ZOsignSGD) and analyzed improvements to Square Attack's query efficiency by adjusting square size.
With the fast development of machine learning technologies, deep learning models have been deployed in almost every aspect of everyday life. However, the privacy and security of these models are threatened by adversarial attacks. Among which black-box attack is closer to reality, where limited knowledge can be acquired from the model. In this paper, we provided basic background knowledge about adversarial attack and analyzed four black-box attack algorithms: Bandits, NES, Square Attack and ZOsignSGD comprehensively. We also explored the newly proposed Square Attack method with respect to square size, hoping to improve its query efficiency.