HopSkipJumpAttack: A Query-Efficient Decision-Based Attack
HTML-код
- Опубликовано: 31 июл 2024
- HopSkipJumpAttack: A Query-Efficient Decision-Based Attack-Jianbo Chen, Michael I. Jordan, Martin J. Wainwright
The goal of a decision-based adversarial attack on a
trained model is to generate adversarial examples based solely
on observing output labels returned by the targeted model. We
develop HopSkipJumpAttack, a family of algorithms based on
a novel estimate of the gradient direction using binary information at the decision boundary. The proposed family includes both untargeted and targeted attacks optimized for l_2 and l_∞ similarity metrics respectively. Theoretical analysis is provided
for the proposed algorithms and the gradient direction estimate.
Experiments show HopSkipJumpAttack requires significantly
fewer model queries than several state-of-the-art decision-based
adversarial attacks. It also achieves competitive performance in
attacking several widely-used defense mechanisms. 
Наука
![The moment we stopped understanding AI [AlexNet]](http://i.ytimg.com/vi/UZDiGooFs54/mqdefault.jpg)
Thanks for your sharing. I have some questions. The paper proposes a decision-based black-box attack method. However, the parameter S used in your algorithm relies on the target model's probability output. Then, how could this method be called a decision-based one?
He first setup the framework using the model's probability output, but later applied the same methodology in a setting where we do not get the probabilities but rather by just looking at the decision from the model i.e. the sign of S