Printed from https://ideas.repec.org/a/gam/jmathe/v11y2023i16p3613-d1221562.html

ADDA: An Adversarial Direction-Guided Decision-Based Attack via Multiple Surrogate Models

Author

  • Wanman Li

    (School of Computer Science and Technology, Hainan University, Haikou 570228, China)

  • Xiaozhang Liu

    (School of Computer Science and Technology, Hainan University, Haikou 570228, China)

Abstract

Over the past decade, Convolutional Neural Networks (CNNs) have been extensively deployed in security-critical areas; however, the security of CNN models is threatened by adversarial attacks. Decision-based adversarial attacks, wherein an attacker relies solely on the final output label of the target model to craft adversarial examples, are the most challenging yet practical adversarial attacks. However, existing decision-based adversarial attacks generally suffer from poor query efficiency or low attack success rate, especially for targeted attacks. To address these issues, we propose a query-efficient Adversarial Direction-guided Decision-based Attack (ADDA), which exploits the advantages of transfer-based priors and the benefits of a single query. The transfer-based priors provided by the gradients of multiple different surrogate models can be utilized to suggest the most promising search directions for generating adversarial examples. The query consumption during the ADDA attack is mainly derived from a single query evaluation of the candidate adversarial samples, which significantly saves the number of queries. Experimental results on several ImageNet classifiers, including ℓ∞ and ℓ2 threat models, demonstrate that our proposed approach overwhelmingly outperforms existing state-of-the-art decision-based attacks in terms of both query efficiency and attack success rate. We show case studies of ADDA against a real-world API in which it is successfully able to fool the Google Cloud Vision API after only a few queries.

Suggested Citation

  • Wanman Li & Xiaozhang Liu, 2023. "ADDA: An Adversarial Direction-Guided Decision-Based Attack via Multiple Surrogate Models," Mathematics, MDPI, vol. 11(16), pages 1-16, August.
  • Handle: RePEc:gam:jmathe:v:11:y:2023:i:16:p:3613-:d:1221562

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/11/16/3613/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/11/16/3613/
    Download Restriction: no