TY - JOUR
T1 - FeatureBA
T2 - Hard label black box attack based on internal layer features of surrogate model
AU - Li, Jiaxing
AU - Tan, Yu an
AU - Liu, Runke
AU - Meng, Weizhi
AU - Li, Yuanzhang
N1 - Publisher Copyright: © 2025 Elsevier Ltd
PY - 2025/6/1
Y1 - 2025/6/1
N2 - This study revises previous work by emphasizing the integration of surrogate models into query-based black-box adversarial attacks, showcasing their effectiveness in reducing query counts and enhancing robustness. This observation highlights a critical gap in decision-based (hard label) approaches, which have not yet effectively integrated surrogate models. In this paper, we propose a novel decision-based approach to black-box adversarial attacks. By utilizing intermediate layer features of the surrogate network and optimizing the query feedback process, the proposed method achieves competitive results with a significant reduction in query counts (up to 99.73% lower compared to existing methods). Extensive experiments validate its performance across diverse tasks, including image classification, object detection, and face recognition. This work demonstrates the potential for enhancing the practicality of decision-based attacks in real-world scenarios.
KW - Adversarial machine learning
KW - Black box attack
KW - Deep learning
KW - Internal layer features
UR - http://www.scopus.com/inward/record.url?scp=86000566702&partnerID=8YFLogxK
U2 - 10.1016/j.eswa.2025.127082
DO - 10.1016/j.eswa.2025.127082
M3 - Article
AN - SCOPUS:86000566702
SN - 0957-4174
VL - 276
JO - Expert Systems with Applications
JF - Expert Systems with Applications
M1 - 127082
ER -