Art-Attack: Black-Box Adversarial Attack via Evolutionary Art
This addresses the vulnerability of DNNs to realistic black-box attacks, offering a more effective approach for security testing, though it is incremental as it builds on existing black-box attack methods.
The paper tackles the problem of black-box adversarial attacks on deep neural networks by proposing a gradient-free method using evolutionary art to generate adversarial examples with overlapping transparent shapes, achieving a higher attack success rate on three state-of-the-art image classification models trained on CIFAR-10 compared to existing black-box attacks.
Deep neural networks (DNNs) have achieved state-of-the-art performance in many tasks but have shown extreme vulnerabilities to attacks generated by adversarial examples. Many works go with a white-box attack that assumes total access to the targeted model including its architecture and gradients. A more realistic assumption is the black-box scenario where an attacker only has access to the targeted model by querying some input and observing its predicted class probabilities. Different from most prevalent black-box attacks that make use of substitute models or gradient estimation, this paper proposes a gradient-free attack by using a concept of evolutionary art to generate adversarial examples that iteratively evolves a set of overlapping transparent shapes. To evaluate the effectiveness of our proposed method, we attack three state-of-the-art image classification models trained on the CIFAR-10 dataset in a targeted manner. We conduct a parameter study outlining the impact the number and type of shapes have on the proposed attack's performance. In comparison to state-of-the-art black-box attacks, our attack is more effective at generating adversarial examples and achieves a higher attack success rate on all three baseline models.