Nonlinear Projection Based Gradient Estimation for Query Efficient
Blackbox Attacks
- URL: http://arxiv.org/abs/2102.13184v1
- Date: Thu, 25 Feb 2021 21:32:19 GMT
- Title: Nonlinear Projection Based Gradient Estimation for Query Efficient
Blackbox Attacks
- Authors: Huichen Li and Linyi Li and Xiaojun Xu and Xiaolu Zhang and Shuang
Yang and Bo Li
- Abstract summary: We bridge the gap between gradient estimation and vector space projection by investigating how to efficiently estimate gradient based on a projected low-dimensional space.
Built upon our theoretic analysis, we propose a novel query-efficient Gradient Projection-based Boundary Blackbox Attack.
We show that the projection-based boundary blackbox attacks are able to achieve much smaller magnitude of perturbations with 100% attack success rate based on efficient queries.
- Score: 21.718029193267526
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Gradient estimation and vector space projection have been studied as two
distinct topics. We aim to bridge the gap between the two by investigating how
to efficiently estimate gradient based on a projected low-dimensional space. We
first provide lower and upper bounds for gradient estimation under both linear
and nonlinear projections, and outline checkable sufficient conditions under
which one is better than the other. Moreover, we analyze the query complexity
for the projection-based gradient estimation and present a sufficient condition
for query-efficient estimators. Built upon our theoretic analysis, we propose a
novel query-efficient Nonlinear Gradient Projection-based Boundary Blackbox
Attack (NonLinear-BA). We conduct extensive experiments on four image datasets:
ImageNet, CelebA, CIFAR-10, and MNIST, and show the superiority of the proposed
methods compared with the state-of-the-art baselines. In particular, we show
that the projection-based boundary blackbox attacks are able to achieve much
smaller magnitude of perturbations with 100% attack success rate based on
efficient queries. Both linear and nonlinear projections demonstrate their
advantages under different conditions. We also evaluate NonLinear-BA against
the commercial online API MEGVII Face++, and demonstrate the high blackbox
attack performance both quantitatively and qualitatively. The code is publicly
available at https://github.com/AI-secure/NonLinear-BA.
Related papers
- Revisiting Gradient-based Uncertainty for Monocular Depth Estimation [10.502852645001882]
We introduce gradient-based uncertainty estimation for monocular depth estimation models.
We demonstrate that our approach is effective in determining the uncertainty without re-training.
In particular, for models trained with monocular sequences and therefore most prone to uncertainty, our method outperforms related approaches.
arXiv Detail & Related papers (2025-02-09T17:21:41Z)
- Visual Prompt Tuning in Null Space for Continual Learning [51.96411454304625]
Existing prompt-tuning methods have demonstrated impressive performances in continual learning (CL).
This paper aims to learn each task by tuning the prompts in the direction orthogonal to the subspace spanned by previous tasks' features.
In practice, an effective null-space-based approximation solution has been proposed to implement the prompt gradient projection.
arXiv Detail & Related papers (2024-06-09T05:57:40Z)
- Vanishing Point Estimation in Uncalibrated Images with Prior Gravity Direction [82.72686460985297]
We tackle the problem of estimating a Manhattan frame.
We derive two new 2-line solvers, one of which does not suffer from singularities affecting existing solvers.
We also design a new non-minimal method, running on an arbitrary number of lines, to boost the performance in local optimization.
arXiv Detail & Related papers (2023-08-21T13:03:25Z)
- CGBA: Curvature-aware Geometric Black-box Attack [39.63633212337113]
Decision-based black-box attacks often necessitate a large number of queries to craft an adversarial example.
We propose a novel query-efficient curvature-aware geometric decision-based black-box attack (CGBA).
We develop a new query-efficient variant, CGBA-H, that is adapted for the targeted attack.
arXiv Detail & Related papers (2023-08-06T17:18:04Z)
- Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior [50.393092185611536]
We consider the black-box adversarial setting, where the adversary needs to craft adversarial examples without access to the gradients of a target model.
Previous methods attempted to approximate the true gradient either by using the transfer gradient of a surrogate white-box model or based on the feedback of model queries.
We propose two prior-guided random gradient-free (PRGF) algorithms based on biased sampling and gradient averaging.
arXiv Detail & Related papers (2022-03-13T04:06:27Z)
- Progressive-Scale Boundary Blackbox Attack via Projective Gradient Estimation [26.16745376395128]
Boundary based blackbox attack has been recognized as practical and effective, given that an attacker only needs to access the final model prediction.
We show that such efficiency highly depends on the scale at which the attack is applied, and attacking at the optimal scale significantly improves the efficiency.
We propose Progressive-Scale enabled projective Boundary Attack (PSBA) to improve the query efficiency via progressive scaling techniques.
arXiv Detail & Related papers (2021-06-10T21:13:41Z)
- Zeroth-Order Hybrid Gradient Descent: Towards A Principled Black-Box Optimization Framework [100.36569795440889]
This work is on the iteration of zero-th-order (ZO) optimization which does not require first-order information.
We show that with a graceful design in coordinate importance sampling, the proposed ZO optimization method is efficient both in terms of complexity as well as function query cost.
arXiv Detail & Related papers (2020-12-21T17:29:58Z)
- Self-Concordant Analysis of Generalized Linear Bandits with Forgetting [2.282313031205821]
We focus on self-concordant GLB (which include logistic regression) with achieved by the use of a Poisson window or exponential weights.
We propose a novel approach to address the potential approach to address the proposed approach to address the Generalized Bandits (GLB) problem.
arXiv Detail & Related papers (2020-11-02T08:36:39Z)
- Large-Scale Methods for Distributionally Robust Optimization [53.98643772533416]
We prove that our algorithms require a number of gradient evaluations independent of training set size and number of parameters.
Experiments on MNIST and ImageNet confirm the theoretical scaling of our algorithms, which are 9--36 times more efficient than full-batch methods.
arXiv Detail & Related papers (2020-10-12T17:41:44Z)
- QEBA: Query-Efficient Boundary-Based Blackbox Attack [27.740081902519517]
We propose a Query-Efficient Boundary-based blackbox Attack (QEBA) based only on model's final prediction labels.
We show that compared with the state-of-the-art blackbox attacks, QEBA is able to use a smaller number of queries to achieve a lower magnitude of perturbation with 100% attack success rate.
arXiv Detail & Related papers (2020-05-28T16:41:12Z)
- Projection & Probability-Driven Black-Box Attack [205.9923346080908]
Existing black-box attacks suffer from the need for excessive queries in the high-dimensional space.
We propose Projection & Probability-driven Black-box Attack (PPBA) to tackle this problem.
Our method requires at most 24% fewer queries with a higher attack success rate compared with state-of-the-art approaches.
arXiv Detail & Related papers (2020-05-08T03:37:50Z)