A geometry-inspired decision-based attack

Deep neural networks have recently achieved tremen-dous success in image classification. Recent studies havehowever shown that they are easily misled into incorrectclassification decisions by adversarial examples. Adver-saries can even craft attacks by querying the model in black-box settings, where no information about the model is re-leased except its final decision. Such decision-based at-tacks usually require lots of queries, while real-world imagerecognition systems might actually restrict the number ofqueries. In this paper, we propose qFool, a novel decision-based attack algorithm that can generate adversarial exam-ples using a small number of queries. The qFool method candrastically reduce the number of queries compared to pre-vious decision-based attacks while reaching the same qual-ity of adversarial examples. We also enhance our methodby constraining adversarial perturbations in low-frequencysubspace, which can make qFool even more computation-ally efficient. Altogether, we manage to fool commercialimage recognition systems with a small number of queries,which demonstrates the actual effectiveness of our new al-gorithm in practice.

Publié dans:
[Proceedings of ICCV 2019]
Présenté à:
ICCV 2019 : IEEE International Conference on Computer Vision, Seoul, South Korea, Oct 27, 2019 - Nov 3, 2019
Autres identifiants:

 Notice créée le 2019-08-07, modifiée le 2019-08-12

Évaluer ce document:

Rate this document:
(Pas encore évalué)