@inproceedings{833a0d1df3014094858a02ac3404ef5d,
title = "Query-Efficient Hard-Label Black-Box Attacks Using Biased Sampling",
abstract = "In recent years, deep learning has developed rapidly and achieved great success in many fields. However, it has been demonstrated that deep neural networks are very vulnerable to artificially designed adversarial examples which are difficult to visually observe by human. In this paper, the practical hard-label black box attack in which attackers can only query the output labels to generate adversarial examples, is studied on image classification tasks. Existing attacks proposed for this setting require a lot of queries. To improve the attack efficiency, the unbiased sampling in existing attacks is replaced with two biased sampling methods: low image frequency and regional mask. The two biased methods integrate domain knowledge into the process of sampling and searching for adversarial directions, which can significantly limit the search space and thus reduce query times. Experimental results on ImageNet show that the biased sampling methods can improve the efficiency of existing hard-label black box attacks.",
keywords = "Adversarial example, Biased sampling, Black box Attack, Deep neural network, Image frequency",
author = "Sijia Liu and Jian Sun and Jun Li",
note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 Chinese Automation Congress, CAC 2020 ; Conference date: 06-11-2020 Through 08-11-2020",
year = "2020",
month = nov,
day = "6",
doi = "10.1109/CAC51589.2020.9326734",
language = "English",
series = "Proceedings - 2020 Chinese Automation Congress, CAC 2020",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "3872--3877",
booktitle = "Proceedings - 2020 Chinese Automation Congress, CAC 2020",
address = "United States",
}