NeurIPS 2019

`

Timezone: »

Poster

Improving Black-box Adversarial Attacks with a Transfer-based Prior

Shuyu Cheng · Yinpeng Dong · Tianyu Pang · Hang Su · Jun Zhu

Thu Dec 12 10:45 AM -- 12:45 PM (PST) @ East Exhibition Hall B + C #16

in Algorithms -- Adversarial Learning »

We consider the black-box adversarial setting, where the adversary has to generate adversarial perturbations without access to the target models to compute gradients. Previous methods tried to approximate the gradient either by using a transfer gradient of a surrogate white-box model, or based on the query feedback. However, these methods often suffer from low attack success rates or poor query efficiency since it is non-trivial to estimate the gradient in a high-dimensional space with limited information. To address these problems, we propose a prior-guided random gradient-free (P-RGF) method to improve black-box adversarial attacks, which takes the advantage of a transfer-based prior and the query information simultaneously. The transfer-based prior given by the gradient of a surrogate model is appropriately integrated into our algorithm by an optimal coefficient derived by a theoretical analysis. Extensive experiments demonstrate that our method requires much fewer queries to attack black-box models with higher success rates compared with the alternative state-of-the-art methods.

Keywords: Algorithms -> Adversarial Learning · Applications -> Privacy, Anonymity, and Security

[ Paper] [ Slides]

Author Information

Shuyu Cheng (Tsinghua University)

Yinpeng Dong (Tsinghua University)

Tianyu Pang (Tsinghua University)

Hang Su (Tsinghua Univiersity)

Jun Zhu (Tsinghua University)

More from the Same Authors

2020 Poster: Multi-label classification: do Hamming loss and subset accuracy really conflict with each other? »
Guoqiang Wu · Jun Zhu
2020 Poster: Bi-level Score Matching for Learning Energy-based Latent Variable Models »
Fan Bao · Chongxuan LI · Kun Xu · Hang Su · Jun Zhu · Bo Zhang
2020 Poster: Further Analysis of Outlier Detection with Deep Generative Models »
Ziyu Wang · Bin Dai · David P Wipf · Jun Zhu
2020 Poster: Efficient Learning of Generative Models via Finite-Difference Score Matching »
Tianyu Pang · Kun Xu · Chongxuan LI · Yang Song · Stefano Ermon · Jun Zhu
2020 Poster: Calibrated Reliable Regression using Maximum Mean Discrepancy »
Peng Cui · Wenbo Hu · Jun Zhu
2020 Poster: Boosting Adversarial Training with Hypersphere Embedding »
Tianyu Pang · Xiao Yang · Yinpeng Dong · Kun Xu · Jun Zhu · Hang Su
2020 Poster: Adversarial Distributional Training for Robust Deep Learning »
Yinpeng Dong · Zhijie Deng · Tianyu Pang · Jun Zhu · Hang Su
2020 Poster: Understanding and Exploring the Network with Stochastic Architectures »
Zhijie Deng · Yinpeng Dong · Shifeng Zhang · Jun Zhu
2019 Poster: Generative Well-intentioned Networks »
Justin Cosentino · Jun Zhu
2019 Poster: Multi-objects Generation with Amortized Structural Regularization »
Kun Xu · Chongxuan LI · Jun Zhu · Bo Zhang
2018 Poster: Towards Robust Detection of Adversarial Examples »
Tianyu Pang · Chao Du · Yinpeng Dong · Jun Zhu
2018 Spotlight: Towards Robust Detection of Adversarial Examples »
Tianyu Pang · Chao Du · Yinpeng Dong · Jun Zhu
2018 Poster: Graphical Generative Adversarial Networks »
Chongxuan LI · Max Welling · Jun Zhu · Bo Zhang
2017 Poster: Triple Generative Adversarial Nets »
Chongxuan LI · Kun Xu · Jun Zhu · Bo Zhang
2017 Poster: Population Matching Discrepancy and Applications in Deep Learning »
Jianfei Chen · Chongxuan LI · Yizhong Ru · Jun Zhu
2016 Poster: Kernel Bayesian Inference with Posterior Regularization »
Yang Song · Jun Zhu · Yong Ren
2016 Poster: Stochastic Gradient Geodesic MCMC Methods »
Chang Liu · Jun Zhu · Yang Song
2016 Poster: Conditional Generative Moment-Matching Networks »
Yong Ren · Jun Zhu · Jialian Li · Yucen Luo
2015 Poster: Max-Margin Majority Voting for Learning from Crowds »
TIAN TIAN · Jun Zhu
2015 Poster: Max-Margin Deep Generative Models »
Chongxuan Li · Jun Zhu · Tim Shi · Bo Zhang
2014 Poster: Distributed Bayesian Posterior Sampling via Moment Sharing »
Minjie Xu · Balaji Lakshminarayanan · Yee Whye Teh · Jun Zhu · Bo Zhang
2014 Poster: Spectral Methods for Supervised Topic Models »
Yining Wang · Jun Zhu
2014 Poster: Robust Bayesian Max-Margin Clustering »
Changyou Chen · Jun Zhu · Xinhua Zhang
2013 Poster: Scalable Inference for Logistic-Normal Topic Models »
Jianfei Chen · Jun Zhu · Zi Wang · Xun Zheng · Bo Zhang
2012 Poster: Monte Carlo Methods for Maximum Margin Supervised Topic Models »
Qixia Jiang · Jun Zhu · Maosong Sun · Eric Xing
2012 Poster: Bayesian Nonparametric Maximum Margin Matrix Factorization for Collaborative Prediction »
Minjie Xu · Jun Zhu · Bo Zhang
2011 Poster: Infinite Latent SVM for Classification and Multi-task Learning »
Jun Zhu · Ning Chen · Eric Xing
2010 Poster: Large Margin Learning of Upstream Scene Understanding Models »
Jun Zhu · Li-Jia Li · Li Fei-Fei · Eric Xing
2010 Poster: Predictive Subspace Learning for Multi-view Data: a Large Margin Approach »
Ning Chen · Jun Zhu · Eric Xing
2010 Poster: Adaptive Multi-Task Lasso: with Application to eQTL Detection »
Seunghak Lee · Jun Zhu · Eric Xing
2010 Poster: Efficient Relational Learning with Hidden Variable Detection »
Ni Lao · Jun Zhu · Liu Xinwang · Yandong Liu · William Cohen
2008 Poster: Partially Observed Maximum Entropy Discrimination Markov Networks »
Jun Zhu · Eric Xing · Bo Zhang