Data-Free Adversarial Perturbations for Practical Black-Box Attack

Huan, Zhaoxin; Wang, Yulong; Zhang, Xiaolu; Shang, Lin; Fu, Chilin; Zhou, Jun

doi:10.1007/978-3-030-47436-2_10

Cited by 13 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fooling Rate. The expected number of times the attack is able to flip the label, known as fooling rate, denoted by FR [219], measures the percentage of success for an adversarial attack, formally defined [220]:…”

Section: A Evaluation Metricsmentioning

confidence: 99%

How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses

Costa,

Roxo,

Proença

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Deep Learning is currently used to perform multiple tasks, such as object recognition, face recognition, and natural language processing. However, Deep Neural Networks (DNNs) are vulnerable to perturbations that alter the network prediction, named adversarial examples, which raise concerns regarding the usage of DNNs in critical areas, such as Self-driving Vehicles, Malware Detection, and Healthcare. This paper compiles the most recent adversarial attacks in Object Recognition, grouped by the attacker capacity and knowledge, and modern defenses clustered by protection strategies, providing background details to understand the topic of adversarial attacks and defenses. The new advances regarding Vision Transformers are also presented, which have not been previously done in the literature, showing the resemblance and dissimilarity between this architecture and Convolutional Neural Networks. Furthermore, the most used datasets and metrics in adversarial settings are summarized, along with datasets requiring further evaluation, which is another contribution. This survey compares the state-of-the-art results under different attacks for multiple architectures and compiles all the adversarial attacks and defenses with available code, comprising significant contributions to the literature. Finally, practical applications are discussed, and open issues are identified, being a reference for future works.INDEX TERMS Adversarial attacks, adversarial defenses, datasets, evaluation metrics, review, vision transformers.

show abstract

Section: A Evaluation Metricsmentioning

confidence: 99%

How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses

Costa,

Roxo,

Proença

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Data-based computer vision attacks depend on training and validation dataset to craft adversaries, while datafree attacks rely on other signals. There are some data-free approaches in computer vision, for example, by maximizing activations at each layer (Mopuri, Garg, and Radhakrishnan 2017;Mopuri, Ganeshan, and Babu 2018), class activations (Mopuri, Uppala, and Babu 2018), and pretrained models and proxy dataset (Huan et al 2020). However, there has been no work in NLP systems for data-free attacks.…”

Section: Related Workmentioning

confidence: 99%

MINIMAL: Mining Models for Universal Adversarial Triggers

Kumar

Parekh

Singh

et al. 2022

AAAI

View full text Add to dashboard Cite

It is well known that natural language models are vulnerable to adversarial attacks, which are mostly input-specific in nature. Recently, it has been shown that there also exist input-agnostic attacks in NLP models, called universal adversarial triggers. However, existing methods to craft universal triggers are data intensive. They require large amounts of data samples to generate adversarial triggers, which are typically inaccessible by attackers. For instance, previous works take 3000 data samples per class for the SNLI dataset to generate adversarial triggers. In this paper, we present a novel data-free approach, MINIMAL, to mine input-agnostic adversarial triggers from models. Using the triggers produced with our data-free algorithm, we reduce the accuracy of Stanford Sentiment Treebank’s positive class from 93.6% to 9.6%. Similarly, for the Stanford Natural LanguageInference (SNLI), our single-word trigger reduces the accuracy of the entailment class from 90.95% to less than 0.6%. Despite being completely data-free, we get equivalent accuracy drops as data-dependent methods

show abstract

“…They have also no access of the datasets used for the training. Huan et al [8] showed that even in these conditions, many current models are still at risk. In contrast, white-box attacks may use any of those elements to perform the attack.…”

Section: Related Workmentioning

confidence: 99%

Smooth Perturbations for Time Series Adversarial Attacks

Pialla

Fawaz

Devanne

et al. 2022

Advances in Knowledge Discovery and Data Mining

View full text Add to dashboard Cite

Adversarial attacks represent a threat to every deep neural network. They are particularly effective if they can perturb a given model while remaining undetectable. They have been initially introduced for image classifiers, and are well studied for this task. For time series, few attacks have yet been proposed. Most that have are adaptations of attacks previously proposed for image classifiers. Although these attacks are effective, they generate perturbations containing clearly discernible patterns such as sawtooth and spikes. Adversarial patterns are not perceptible on images, but the attacks proposed to date are readily perceptible in the case of time series. In order to generate stealthier adversarial attacks for time series, we propose a new attack that produces smoother perturbations. We find that smooth perturbations are harder to detect by the naked eye. We also show how adversarial training can improve model robustness against this attack, thus making models less vulnerable.

show abstract

Data-Free Adversarial Perturbations for Practical Black-Box Attack

Cited by 13 publications

References 10 publications

How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses

How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses

MINIMAL: Mining Models for Universal Adversarial Triggers

Smooth Perturbations for Time Series Adversarial Attacks

Contact Info

Product

Resources

About