Prior convictions: Black-box adversarial attacks with bandits and priors
We study the problem of generating adversarial examples in a black-box setting in which only loss-oracle access to a model is available. We introduce a framework that conceptually unifies much of the existing work on black-box attacks, and we demonstrate that the current state-of-the-art methods are...
| Váldodahkkit: | , , |
|---|---|
| Eará dahkkit: | |
| Materiálatiipa: | Artihkal |
| Giella: | English |
| Almmustuhtton: |
arXiv
2021
|
| Liŋkkat: | https://hdl.handle.net/1721.1/129721 |
| _version_ | 1826216620563890176 |
|---|---|
| author | Ilyas, Andrew. Engstrom, Logan G. Madry, Aleksander |
| author2 | MIT-IBM Watson AI Lab |
| author_facet | MIT-IBM Watson AI Lab Ilyas, Andrew. Engstrom, Logan G. Madry, Aleksander |
| author_sort | Ilyas, Andrew. |
| collection | MIT |
| description | We study the problem of generating adversarial examples in a black-box setting in which only loss-oracle access to a model is available. We introduce a framework that conceptually unifies much of the existing work on black-box attacks, and we demonstrate that the current state-of-the-art methods are optimal in a natural sense. Despite this optimality, we show how to improve black-box attacks by bringing a new element into the problem: gradient priors. We give a bandit optimization-based algorithm that allows us to seamlessly integrate any such priors, and we explicitly identify and incorporate two examples. The resulting methods use two to four times fewer queries and fail two to five times less than the current state-of-the-art. |
| first_indexed | 2024-09-23T16:50:01Z |
| format | Article |
| id | mit-1721.1/129721 |
| institution | Massachusetts Institute of Technology |
| language | English |
| last_indexed | 2024-09-23T16:50:01Z |
| publishDate | 2021 |
| publisher | arXiv |
| record_format | dspace |
| spelling | mit-1721.1/1297212022-10-03T08:39:02Z Prior convictions: Black-box adversarial attacks with bandits and priors Ilyas, Andrew. Engstrom, Logan G. Madry, Aleksander MIT-IBM Watson AI Lab We study the problem of generating adversarial examples in a black-box setting in which only loss-oracle access to a model is available. We introduce a framework that conceptually unifies much of the existing work on black-box attacks, and we demonstrate that the current state-of-the-art methods are optimal in a natural sense. Despite this optimality, we show how to improve black-box attacks by bringing a new element into the problem: gradient priors. We give a bandit optimization-based algorithm that allows us to seamlessly integrate any such priors, and we explicitly identify and incorporate two examples. The resulting methods use two to four times fewer queries and fail two to five times less than the current state-of-the-art. NSF (Grants CNS-10413920, CCF-1553428, CNS-1815221) 2021-02-09T17:40:30Z 2021-02-09T17:40:30Z 2019-03 2018-07 2021-02-05T18:17:33Z Article http://purl.org/eprint/type/ConferencePaper https://hdl.handle.net/1721.1/129721 Ilyas, Andrew et al. "Prior convictions: Black-box adversarial attacks with bandits and priors." 7th International Conference on Learning Representations (March 2019); © 7th International Conference on Learning Representations, ICLR 2019. All Rights Reserved. en https://openreview.net/forum?id=BkMiWhR5K7 7th International Conference on Learning Representations Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf arXiv arXiv |
| spellingShingle | Ilyas, Andrew. Engstrom, Logan G. Madry, Aleksander Prior convictions: Black-box adversarial attacks with bandits and priors |
| title | Prior convictions: Black-box adversarial attacks with bandits and priors |
| title_full | Prior convictions: Black-box adversarial attacks with bandits and priors |
| title_fullStr | Prior convictions: Black-box adversarial attacks with bandits and priors |
| title_full_unstemmed | Prior convictions: Black-box adversarial attacks with bandits and priors |
| title_short | Prior convictions: Black-box adversarial attacks with bandits and priors |
| title_sort | prior convictions black box adversarial attacks with bandits and priors |
| url | https://hdl.handle.net/1721.1/129721 |
| work_keys_str_mv | AT ilyasandrew priorconvictionsblackboxadversarialattackswithbanditsandpriors AT engstromlogang priorconvictionsblackboxadversarialattackswithbanditsandpriors AT madryaleksander priorconvictionsblackboxadversarialattackswithbanditsandpriors |