Unlike their white-box counterparts, which are widely studied and readily accessible, adversarial examples in black-box settings are generally more Herculean to craft on account of the difficulty of estimating gradients. Many methods achieve the task by issuing numerous queries to target classification systems, which makes the whole procedure costly and suspicious to the systems. In this paper, we aim at reducing the query complexity of black-box attacks in this category. We propose to exploit gradients of a few reference models which arguably span some promising search subspaces. Experimental results show that, in comparison with the state of the art, our method can gain up to 2x and 4x reductions in the requisite mean and median numbers of queries with much lower failure rates, even if the reference models are trained on a small and inadequate dataset disjoint from the one used for training the victim model. Code and models for reproducing our results will be made publicly available.
Author Information
Yiwen Guo (Bytedance AI Lab)
Ziang Yan (Tsinghua University)
Changshui Zhang (Tsinghua University)
More from the Same Authors
- 2021 Spotlight: Robust and Fully-Dynamic Coreset for Continuous-and-Bounded Learning (With Outliers) Problems
  Zixiu Wang · Yiwen Guo · Hu Ding
- 2022 Poster: When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture
  Yichuan Mo · Dongxian Wu · Yifei Wang · Yiwen Guo · Yisen Wang
- 2023 Poster: Adversarial Examples Are Not Real Features
  Ang Li · Yifei Wang · Yiwen Guo · Yisen Wang
- 2023 Poster: Improving Adversarial Transferability via Intermediate-level Perturbation Decay
  Qizhang Li · Yiwen Guo · Wangmeng Zuo · Hao Chen
- 2023 Poster: Towards Evaluating Transfer-based Attacks Systematically, Practically, and Fairly
  Qizhang Li · Yiwen Guo · Wangmeng Zuo · Hao Chen
- 2022 Spotlight: Lightning Talks 6A-2
  Yichuan Mo · Botao Yu · Gang Li · Zezhong Xu · Haoran Wei · Arsene Fansi Tchango · Raef Bassily · Haoyu Lu · Qi Zhang · Songming Liu · Mingyu Ding · Peiling Lu · Yifei Wang · Xiang Li · Dongxian Wu · Ping Guo · Wen Zhang · Hao Zhongkai · Mehryar Mohri · Rishab Goel · Yisen Wang · Yifei Wang · Yangguang Zhu · Zhi Wen · Ananda Theertha Suresh · Chengyang Ying · Yujie Wang · Peng Ye · Rui Wang · Nanyi Fei · Hui Chen · Yiwen Guo · Wei Hu · Chenglong Liu · Julien Martel · Yuqi Huo · Wu Yichao · Hang Su · Yisen Wang · Peng Wang · Huajun Chen · Xu Tan · Jun Zhu · Ding Liang · Zhiwu Lu · Joumana Ghosn · Shanshan Zhang · Wei Ye · Ze Cheng · Shikun Zhang · Tao Qin · Tie-Yan Liu
- 2022 Spotlight: When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture
  Yichuan Mo · Dongxian Wu · Yifei Wang · Yiwen Guo · Yisen Wang
- 2022 Poster: Synergy-of-Experts: Collaborate to Improve Adversarial Robustness
  Sen Cui · Jingfeng ZHANG · Jian Liang · Bo Han · Masashi Sugiyama · Changshui Zhang
- 2021 Poster: Addressing Algorithmic Disparity and Performance Inconsistency in Federated Learning
  Sen Cui · Weishen Pan · Jian Liang · Changshui Zhang · Fei Wang
- 2021 Poster: Robust and Fully-Dynamic Coreset for Continuous-and-Bounded Learning (With Outliers) Problems
  Zixiu Wang · Yiwen Guo · Hu Ding
- 2021 Poster: ReSSL: Relational Self-Supervised Learning with Weak Augmentation
  Mingkai Zheng · Shan You · Fei Wang · Chen Qian · Changshui Zhang · Xiaogang Wang · Chang Xu
- 2020 Poster: Agree to Disagree: Adaptive Ensemble Knowledge Distillation in Gradient Space
  Shangchen Du · Shan You · Xiaojie Li · Jianlong Wu · Fei Wang · Chen Qian · Changshui Zhang
- 2020 Poster: When Counterpoint Meets Chinese Folk Melodies
  Nan Jiang · Sheng Jin · Zhiyao Duan · Changshui Zhang
- 2020 Poster: Backpropagating Linearly Improves Transferability of Adversarial Examples
  Yiwen Guo · Qizhang Li · Hao Chen
- 2020 Poster: Practical No-box Adversarial Attacks against DNNs
  Qizhang Li · Yiwen Guo · Hao Chen
- 2019 Poster: DATA: Differentiable ArchiTecture Approximation
  Jianlong Chang · xinbang zhang · Yiwen Guo · GAOFENG MENG · SHIMING XIANG · Chunhong Pan
- 2018 : Adversarial Vision Challenge: Poster Session
  Yash Sharma · Lars Holdijk · Sascha Saralajew · Ziang Yan · Dmitrii Rashchenko · Iuliia Rashchenko · Jongseong Jang · Jungin Lee · jihyeun Yoon · KYUNGYUL KIM · Florian Laurent · Lukas Schott
- 2018 Poster: Sparse DNNs with Improved Adversarial Robustness
  Yiwen Guo · Chao Zhang · Changshui Zhang · Yurong Chen
- 2018 Poster: Connectionist Temporal Classification with Maximum Entropy Regularization
  Hu Liu · Sheng Jin · Changshui Zhang
- 2018 Spotlight: Connectionist Temporal Classification with Maximum Entropy Regularization
  Hu Liu · Sheng Jin · Changshui Zhang
- 2018 Poster: Deep Defense: Training DNNs with Improved Adversarial Robustness
  Ziang Yan · Yiwen Guo · Changshui Zhang
- 2012 Poster: Multi-Stage Multi-Task Feature Learning
  Pinghua Gong · Jieping Ye · Changshui Zhang
- 2012 Spotlight: Multi-Stage Multi-Task Feature Learning
  Pinghua Gong · Jieping Ye · Changshui Zhang
- 2010 Poster: Learning Kernels with Radiuses of Minimum Enclosing Balls
  Kun Gai · Guangyun Chen · Changshui Zhang