QE-DBA: Query-Efficient Decision-Based Adversarial Attacks via Bayesian Optimization

Zhuosheng Zhang, Noor Ahmed, Shucheng Yu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the widespread popularity of mobile internet, an increasing number of IoT devices can use cloud services to invoke deep learning to accomplish computer vision tasks. Decision-based attacks (DBA), wherein attackers perturb inputs to spoof learning algorithms by observing solely the output labels, are a type of severe adversarial attacks against Deep Neural Networks (DNNs) that require minimal knowledge of attackers. Most existing DBA attacks rely on zeroth-order gradient estimation and require an excessive number (>20,000) of queries to converge. To better understand the attack, this paper presents an efficient DBA attack technique, namely QE-DBA, that greatly improves the query efficiency. We achieve this by introducing dimension reduction techniques and derivative-free optimization to the process of closest decision boundary search. In QE-DBA, we adopt the Gaussian process to model the distribution of decision boundary radius over a low-dimensional search space defined by perturbation generator functions. Bayesian Optimization is then leveraged to find the optimal direction. Experimental results on pre-trained ImageNet classifiers show that QE-DBA converges within 200 queries while the state-of-the-art DBA techniques using zeroth-order optimization need over 15,000 queries to achieve the same level of perturbation distortion.

Original language: English
Title of host publication: 2024 International Conference on Computing, Networking and Communications, ICNC 2024
Pages: 783-788
Number of pages: 6
ISBN (Electronic): 9798350370997
State: Published - 2024
Event: 2024 International Conference on Computing, Networking and Communications, ICNC 2024 - Big Island, United States
Duration: 19 Feb 2024 - 22 Feb 2024

Publication series

Name: 2024 International Conference on Computing, Networking and Communications, ICNC 2024

Conference

Conference: 2024 International Conference on Computing, Networking and Communications, ICNC 2024
Country/Territory: United States
City: Big Island
Period: 19/02/24 - 22/02/24

Keywords

  • Adversarial Attack
  • Bayesian Optimization
  • Image Classification
  • Internet of Things
