Distributed Black-box Attack: Do Not Overestimate Black-box Attacks
This work addresses the overestimation of black-box attack threats for cloud API security, highlighting incremental improvements in evaluation methods.
The study investigated the effectiveness of black-box adversarial attacks on cloud APIs, finding that they are less effective than previously reported due to common methodological mistakes, with attacks conducted directly on cloud APIs showing reduced success.
As cloud computing becomes pervasive, deep learning models are deployed on cloud servers and then provided as APIs to end users. However, black-box adversarial attacks can fool image classification models without access to model structure and weights. Recent studies have reported attack success rates of over 95% with fewer than 1,000 queries. Then the question arises: whether black-box attacks have become a real threat against cloud APIs? To shed some light on this, our research indicates that black-box attacks are not as effective against cloud APIs as proposed in research papers due to several common mistakes that overestimate the efficiency of black-box attacks. To avoid similar mistakes, we conduct black-box attacks directly on cloud APIs rather than local models.