Towards Query-Efficient Black-Box Adversary with Zeroth-Order Natural Gradient Descent

Zhao, Pu; Chen, Pin-Yu; Wang, Siyue; Lin, Xue

doi:10.1609/aaai.v34i04.6173

Cited by 30 publications

(25 citation statements)

References 17 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors employed the natural evolution strategy (NES) to estimate the gradient and adopted the projected gradient descent to generate adversarial examples. Based on [26] , Zhao et al [27] derived the Fisher information matrix (FIM) and incorporated FIM with the second-order natural gradient descent (NGD) to achieve high query-efficiency.…”

Section: A Adversarial Attack Methodsmentioning

confidence: 99%

“…Finally, transformation based attack [33], [34], [35], [36] crafts adversarial images by shifting pixels' spatial location [27] Boundary Attack [28] Pointwise Attack [29] Boundary Attack ++ [30] HSJA [31] QEBA [32] stAdv [33] Engstrom et al [34] Wang et al [35] Chen et al [36] instead of directly modifying their value. For example, Xiao et al [33] proposed the spatially transformed adversarial (stAdv) method, which replaces the L p -norm with local geometry distortion in measuring the magnitude of perturbations.…”

Section: A Adversarial Attack Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Targeted Attention Attack on Deep Learning Models in Road Sign Recognition

Yang

Liu

Zhang

et al. 2021

IEEE Internet Things J.

View full text Add to dashboard Cite

Section: A Adversarial Attack Methodsmentioning

confidence: 99%

Section: A Adversarial Attack Methodsmentioning

confidence: 99%

Targeted Attention Attack on Deep Learning Models in Road Sign Recognition

Yang

Liu

Zhang

et al. 2021

IEEE Internet Things J.

View full text Add to dashboard Cite

“…New score based attacks include qMeta [24], P-RGF [25], ZO-ADMM [26], TREMBA [27], Square attack [28], ZO-NGD [29] and PPBA [30].…”

Section: B Black-box Attack Categorizationmentioning

confidence: 99%

“…We cover 7 recently proposed score type attacks. These attacks include the square attack [28], the Zeroth-Order Natural Gradient Descent attack (ZO-NGD) [29], the Projection and Policy Driven Attack (PPBA) [30], the Zerothorder Optimization Alternating Direction Method of Multiplers (ZO-ADMM) attack [26], the prior-guided random gradient-free (P-RGF) attack [25], the TRansferable EMbedding based Black-box Attack (TREMBA) [27] and the qMeta attack [24].…”

Section: Score Based Attacksmentioning

confidence: 99%

“…The Zeroth-Order Natural Gradient Descent (ZO-NGD) attack is a score-based, black box attack proposed in [29] as a query efficient attack utilizing a novel attack optimization technique. In particular the attack approximates a Fisher information matrix over the distribution of inputs and subsequent outputs of the classifier.…”

Section: B Zeroth-order Natural Gradient Descent Attackmentioning

confidence: 99%

See 1 more Smart Citation

Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks

Mahmood

Rathbun

et al. 2022

IEEE Access

View full text Add to dashboard Cite

The field of adversarial machine learning has experienced a near exponential growth in the amount of papers being produced since 2018. This massive information output has yet to be properly processed and categorized. In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019. Our survey summarizes and categorizes 20 recent black-box attacks. We also present a new analysis for understanding the attack success rate with respect to the adversarial model used in each paper. Overall, our paper surveys a wide body of literature to highlight recent attack developments and organizes them into four attack categories: score based attacks, decision based attacks, transfer attacks and non-traditional attacks. Further, we provide a new mathematical framework to show exactly how attack results can fairly be compared. INDEX TERMSAdversarial machine learning, adversarial examples, adversarial defense, black-box attack, security, deep learning. Score based Attacks Attack Name Date Author qMeta 6-Jun-19 Du et al. [24] P-RGF 17-Jun-19 Cheng et al. [25] ZO-ADMM 26-Jul-19 Zhao et al. [26] TREMBA 17-Nov-19 Huang et al. [27] Square 29-Nov-19 Andriushchenko et al. [28] ZO-NGD 18-Feb-20 Zhao et al. [29] PPBA 8-May-20 Liu et al. [30] Decision based Attacks Attack Name Date Author qFool 26-Mar-19 Liu et al. [31] HSJA 3-Apr-19 Chen et al. [10] GeoDA 13-Mar-20 Rahmati et al. [32] QEBA 28-May-20 Li et al. [33] RayS 23-Jun-20 Chen et al. [34] SurFree 25-Nov-20 Maho et al. [12] NonLinear-BA 25-Feb-21 Li et al. [35] Transfer based Attacks Attack Name Date Author Adaptive 3-Oct-19 Mahmood et al. [22] DaST 28-Mar-20 Zhou et al. [9] PO-TI 13-Jun-20 Li et al. [23] Non-traditional Attacks Attack Name Date Author CornerSearch 11-Sep-19 Croce et al. [36] ColorFool 25-Nov-19 Shamsabadi et al. [38] Patch 12-Apr-20 Yang et al. [37]

show abstract

CHEAPS2AGA: Bounding Space Usage in Variance-Reduced Stochastic Gradient Descent over Streaming Data and Its Asynchronous Parallel Variants

Peng

Fei

et al. 2020

Algorithms and Architectures for Parallel Processing

View full text Add to dashboard Cite

Towards Query-Efficient Black-Box Adversary with Zeroth-Order Natural Gradient Descent

Cited by 30 publications

References 17 publications

Targeted Attention Attack on Deep Learning Models in Road Sign Recognition

Targeted Attention Attack on Deep Learning Models in Road Sign Recognition

Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks

CHEAPS2AGA: Bounding Space Usage in Variance-Reduced Stochastic Gradient Descent over Streaming Data and Its Asynchronous Parallel Variants

Contact Info

Product

Resources

About