The field of adversarial machine learning has experienced a near exponential growth in the amount of papers being produced since 2018. This massive information output has yet to be properly processed and categorized. In this paper, we seek to help alleviate this problem by systematizing the recent advances in adversarial machine learning black-box attacks since 2019. Our survey summarizes and categorizes 20 recent black-box attacks. We also present a new analysis for understanding the attack success rate with respect to the adversarial model used in each paper. Overall, our paper surveys a wide body of literature to highlight recent attack developments and organizes them into four attack categories: score based attacks, decision based attacks, transfer attacks and non-traditional attacks. Further, we provide a new mathematical framework to show exactly how attack results can fairly be compared.
INDEX TERMSAdversarial machine learning, adversarial examples, adversarial defense, black-box attack, security, deep learning. Score based Attacks Attack Name Date Author qMeta 6-Jun-19 Du et al. [24] P-RGF 17-Jun-19 Cheng et al. [25] ZO-ADMM 26-Jul-19 Zhao et al. [26] TREMBA 17-Nov-19 Huang et al. [27] Square 29-Nov-19 Andriushchenko et al. [28] ZO-NGD 18-Feb-20 Zhao et al. [29] PPBA 8-May-20 Liu et al. [30] Decision based Attacks Attack Name Date Author qFool 26-Mar-19 Liu et al. [31] HSJA 3-Apr-19 Chen et al. [10] GeoDA 13-Mar-20 Rahmati et al. [32] QEBA 28-May-20 Li et al. [33] RayS 23-Jun-20 Chen et al. [34] SurFree 25-Nov-20 Maho et al. [12] NonLinear-BA 25-Feb-21 Li et al. [35] Transfer based Attacks Attack Name Date Author Adaptive 3-Oct-19 Mahmood et al. [22] DaST 28-Mar-20 Zhou et al. [9] PO-TI 13-Jun-20 Li et al. [23] Non-traditional Attacks Attack Name Date Author CornerSearch 11-Sep-19 Croce et al. [36] ColorFool 25-Nov-19 Shamsabadi et al. [38] Patch 12-Apr-20 Yang et al. [37]