Simple black-box adversarial attacks

Chuan Guo; Jacob R. Gardner; Yurong You; Andrew Gordon Wilson; Kilian Q. Weinberger

Simple black-box adversarial attacks

Chuan Guo, Jacob R. Gardner, Yurong You, Andrew Gordon Wilson, Kilian Q. Weinberger

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose an intriguingly simple method for the construction of adversarial images in the black-box setting. In constrast to the white-box scenario, constructing black-box adversarial images has the additional constraint on query budget, and efficient attacks remain an open problem to date. With only the mild assumption of continuous-valued confidence scores, our highly query-efficient algorithm utilizes the following simple iterative principle: we randomly sample a vector from a predefined orthonormal basis and either add or subtract it to the target image. Despite its simplicity, the proposed method can be used for both untargeted and targeted attacks - resulting in previously unprecedented query efficiency in both settings. We demonstrate the efficacy and efficiency of our algorithm on several real world settings including the Google Cloud Vision API. We argue that our proposed algorithm should serve as a strong baseline for future black-box attacks, in particular because it is extremely fast and its implementation requires less than 20 lines of PyTorch code.

Original language	English (US)
Title of host publication	36th International Conference on Machine Learning, ICML 2019
Publisher	International Machine Learning Society (IMLS)
Pages	4410-4423
Number of pages	14
ISBN (Electronic)	9781510886988
State	Published - Jan 1 2019
Event	36th International Conference on Machine Learning, ICML 2019 - Long Beach, United States Duration: Jun 9 2019 → Jun 15 2019

Publication series

Name	36th International Conference on Machine Learning, ICML 2019
Volume	2019-June

Conference

Conference	36th International Conference on Machine Learning, ICML 2019
Country/Territory	United States
City	Long Beach
Period	6/9/19 → 6/15/19

ASJC Scopus subject areas

Education
Computer Science Applications
Human-Computer Interaction

Cite this

Simple black-box adversarial attacks. / Guo, Chuan; Gardner, Jacob R.; You, Yurong et al.
36th International Conference on Machine Learning, ICML 2019. International Machine Learning Society (IMLS), 2019. p. 4410-4423 (36th International Conference on Machine Learning, ICML 2019; Vol. 2019-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Guo, C, Gardner, JR, You, Y, Wilson, AG & Weinberger, KQ 2019, Simple black-box adversarial attacks. in 36th International Conference on Machine Learning, ICML 2019. 36th International Conference on Machine Learning, ICML 2019, vol. 2019-June, International Machine Learning Society (IMLS), pp. 4410-4423, 36th International Conference on Machine Learning, ICML 2019, Long Beach, United States, 6/9/19.

@inproceedings{f6f1c1c8c2cd427698a8bbb2e43762a0,

title = "Simple black-box adversarial attacks",

abstract = "We propose an intriguingly simple method for the construction of adversarial images in the black-box setting. In constrast to the white-box scenario, constructing black-box adversarial images has the additional constraint on query budget, and efficient attacks remain an open problem to date. With only the mild assumption of continuous-valued confidence scores, our highly query-efficient algorithm utilizes the following simple iterative principle: we randomly sample a vector from a predefined orthonormal basis and either add or subtract it to the target image. Despite its simplicity, the proposed method can be used for both untargeted and targeted attacks - resulting in previously unprecedented query efficiency in both settings. We demonstrate the efficacy and efficiency of our algorithm on several real world settings including the Google Cloud Vision API. We argue that our proposed algorithm should serve as a strong baseline for future black-box attacks, in particular because it is extremely fast and its implementation requires less than 20 lines of PyTorch code.",

author = "Chuan Guo and Gardner, {Jacob R.} and Yurong You and Wilson, {Andrew Gordon} and Weinberger, {Kilian Q.}",

year = "2019",

month = jan,

day = "1",

language = "English (US)",

series = "36th International Conference on Machine Learning, ICML 2019",

publisher = "International Machine Learning Society (IMLS)",

pages = "4410--4423",

booktitle = "36th International Conference on Machine Learning, ICML 2019",

}

TY - GEN

T1 - Simple black-box adversarial attacks

AU - Guo, Chuan

AU - Gardner, Jacob R.

AU - You, Yurong

AU - Wilson, Andrew Gordon

AU - Weinberger, Kilian Q.

PY - 2019/1/1

Y1 - 2019/1/1

N2 - We propose an intriguingly simple method for the construction of adversarial images in the black-box setting. In constrast to the white-box scenario, constructing black-box adversarial images has the additional constraint on query budget, and efficient attacks remain an open problem to date. With only the mild assumption of continuous-valued confidence scores, our highly query-efficient algorithm utilizes the following simple iterative principle: we randomly sample a vector from a predefined orthonormal basis and either add or subtract it to the target image. Despite its simplicity, the proposed method can be used for both untargeted and targeted attacks - resulting in previously unprecedented query efficiency in both settings. We demonstrate the efficacy and efficiency of our algorithm on several real world settings including the Google Cloud Vision API. We argue that our proposed algorithm should serve as a strong baseline for future black-box attacks, in particular because it is extremely fast and its implementation requires less than 20 lines of PyTorch code.

AB - We propose an intriguingly simple method for the construction of adversarial images in the black-box setting. In constrast to the white-box scenario, constructing black-box adversarial images has the additional constraint on query budget, and efficient attacks remain an open problem to date. With only the mild assumption of continuous-valued confidence scores, our highly query-efficient algorithm utilizes the following simple iterative principle: we randomly sample a vector from a predefined orthonormal basis and either add or subtract it to the target image. Despite its simplicity, the proposed method can be used for both untargeted and targeted attacks - resulting in previously unprecedented query efficiency in both settings. We demonstrate the efficacy and efficiency of our algorithm on several real world settings including the Google Cloud Vision API. We argue that our proposed algorithm should serve as a strong baseline for future black-box attacks, in particular because it is extremely fast and its implementation requires less than 20 lines of PyTorch code.

UR - http://www.scopus.com/inward/record.url?scp=85073203396&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85073203396&partnerID=8YFLogxK

M3 - Conference contribution

T3 - 36th International Conference on Machine Learning, ICML 2019

SP - 4410

EP - 4423

BT - 36th International Conference on Machine Learning, ICML 2019

PB - International Machine Learning Society (IMLS)

T2 - 36th International Conference on Machine Learning, ICML 2019

Y2 - 9 June 2019 through 15 June 2019

ER -

Simple black-box adversarial attacks

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this