SemiAdv: Query-Efficient Black-Box Adversarial Attack with Unlabeled Images
This work addresses the challenge of reducing query costs for adversarial attacks in security-sensitive applications like robotics, representing an incremental improvement over existing methods.
The paper tackles the problem of query-efficient black-box adversarial attacks by proposing SemiAdv, which uses unlabeled images and semi-supervised learning to reduce query counts, achieving over 90% success rate with only a few hundred queries and saving up to 12x queries compared to state-of-the-art methods.
Adversarial attack has garnered considerable attention due to its profound implications for the secure deployment of robots in sensitive security scenarios. To potentially push for advances in the field, this paper studies the adversarial attack in the black-box setting and proposes an unlabeled data-driven adversarial attack method, called SemiAdv. Specifically, SemiAdv achieves the following breakthroughs compared with previous works. First, by introducing the semi-supervised learning technique into the adversarial attack, SemiAdv substantially decreases the number of queries required for generating adversarial samples. On average, SemiAdv only needs to query a few hundred times to launch an effective attack with more than 90% success rate. Second, many existing black-box adversarial attacks require massive labeled data to mitigate the difference between the local substitute model and the remote target model for a good attack performance. While SemiAdv relaxes this limitation and is capable of utilizing unlabeled raw data to launch an effective attack. Finally, our experiments show that SemiAdv saves up to 12x query accesses for generating adversarial samples while maintaining a competitive attack success rate compared with state-of-the-art attacks.