papers AI Learner
The Github is limit! Click to go to the new site.

A geometry-inspired decision-based attack

2019-03-26
Yujia Liu, Seyed-Mohsen Moosavi-Dezfooli, Pascal Frossard

Abstract

Deep neural networks have recently achieved tremendous success in image classification. Recent studies have however shown that they are easily misled into incorrect classification decisions by adversarial examples. Adversaries can even craft attacks by querying the model in black-box settings, where no information about the model is released except its final decision. Such decision-based attacks usually require lots of queries, while real-world image recognition systems might actually restrict the number of queries. In this paper, we propose qFool, a novel decision-based attack algorithm that can generate adversarial examples using a small number of queries. The qFool method can drastically reduce the number of queries compared to previous decision-based attacks while reaching the same quality of adversarial examples. We also enhance our method by constraining adversarial perturbations in low-frequency subspace, which can make qFool even more computationally efficient. Altogether, we manage to fool commercial image recognition systems with a small number of queries, which demonstrates the actual effectiveness of our new algorithm in practice.

Abstract (translated by Google)
URL

http://arxiv.org/abs/1903.10826

PDF

http://arxiv.org/pdf/1903.10826


Similar Posts

Comments