Proceedings 2022 Network and Distributed System Security Symposium 2022
DOI: 10.14722/ndss.2022.24200
|View full text |Cite
|
Sign up to set email alerts
|

RamBoAttack: A Robust and Query Efficient Deep Neural Network Decision Exploit

Abstract: Machine learning models are critically susceptible to evasion attacks from adversarial examples. Generally, adversarial examples-modified inputs deceptively similar to the original input-are constructed under whitebox access settings by adversaries with full access to the model. However, recent attacks have shown a remarkable reduction in the number of queries to craft adversarial examples using blackbox attacks. Particularly alarming is the now, practical, ability to exploit simply the classification decision… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1

Citation Types

0
3
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
3
2
1

Relationship

0
6

Authors

Journals

citations
Cited by 6 publications
(3 citation statements)
references
References 11 publications
0
3
0
Order By: Relevance
“…Reliable attack precisely selects the magnitude of an update [15], [19]. The genetic algorithm was proposed to be applied, finding the optimal step on a sparse decision space [29]. Wu et al introduced Decision-based Universal Attack (DUAttack), which is an algorithm to build a universal perturbation using decisions [11].…”
Section: ) Decision-based Methodsmentioning
confidence: 99%
“…Reliable attack precisely selects the magnitude of an update [15], [19]. The genetic algorithm was proposed to be applied, finding the optimal step on a sparse decision space [29]. Wu et al introduced Decision-based Universal Attack (DUAttack), which is an algorithm to build a universal perturbation using decisions [11].…”
Section: ) Decision-based Methodsmentioning
confidence: 99%
“…The mutation operation in DE encodes the real number space and realizes the diversity of offspring through the mutation operation, e.g., randomly changing the partial bits of p r (Ω r ) from 0 to 1 while we perform in the binary space. Since mutation operation is the critical component of the evolution strategy for population diversity, one recent work [38] proposed to combine the uniform crossover and mutation to achieve richer offspring diversity. Inspired by the DE algorithm and the GA, we obtain the optimal binary parameter Ω through the uniform crossover and mutation in a hybrid and sequential manner.…”
Section: Synthesizing the Adversarial Video Via Parameter Groupsmentioning
confidence: 99%
“…Unfortunately, ML-based AMD techniques are vulnerable to attacks [20,22,24,30,64,65,71]. To evade them, adversaries can manipulate malicious applications in the problem space, causing the feature vector to cross the ML classifier's decision boundary.…”
Section: Introductionmentioning
confidence: 99%