Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries
USENIX Security Symposium, pp. 1327-1344, 2019.
Our hybrid attack strategy dramatically improves state-of-the-art results in terms of the average query cost, and provides more accurate estimation of cost of black-box adversaries
In a black-box setting, the adversary only has API access to the target model and each query is expensive. Prior work on black-box adversarial examples follows one of two main strategies: (1) transfer attacks use white-box attacks on local models to find candidate adversarial examples that transfer to the target model, and (2) optimizat...More
PPT (Upload PPT)