Abstract
Decision-based adversarial attacks pose a severe threat to real-world applications of Deep Neural Networks (DNNs), as attackers are assumed to have no prior knowledge about target model except hard labels of model outputs. Existing decision-based attacks require a large number of queries on the target model for a successful attack. In this paper, we propose DEAL, a decision-based query efficient adversarial attack based on adaptive boundary learning. DEAL relies on a local model named boundary learner, which is initialized through meta-learning mechanism to obtain the ability to adapt the decision boundaries to a new model. We conduct extensive experiments to evaluate the effectiveness of DEAL, which demonstrates that it outperforms 8 state-of-the-art attacks. Specifically for the evaluation on CIFAR-10 dataset, DEAL can achieve similar attack success rates with a maximum reduction in average number of queries of 51% in untargeted attacks and 14% in targeted attacks, respectively.
| Original language | English |
|---|---|
| Pages (from-to) | 1-13 |
| Number of pages | 13 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| DOIs | |
| Publication status | Accepted/In press - 2023 |
Keywords
- Adaptation models
- Adversarial attack
- Metalearning
- Optimization
- Perturbation methods
- Predictive models
- Task analysis
- Training
- black-box attack
- decision-based
- meta-learning
- query efficiency