Robustness with query-efficient adversarial attack using reinforcement learning
A measure of robustness against naturally occurring distortions is key to safety, success, and
trustworthiness of machine learning models on deployment. We propose an adversarial …
Adversarial attack on attackers: Post-process to mitigate black-box score-based query attacks
The score-based query attacks (SQAs) pose practical threats to deep neural networks by
crafting adversarial perturbations within dozens of queries, only using the model's output …
STDatav2: Accessing Efficient Black-Box Stealing for Adversarial Attacks
On account of the extreme settings, stealing the black-box model without its training data is
difficult in practice. On this topic, along the lines of data diversity, this paper substantially …
Reinforcement learning based black-box adversarial attack for robustness improvement
We propose a Reinforcement Learning (RL) based adversarial Black-box attack (RLAB) that
aims at adding minimum distortion to the input iteratively to deceive image classification …
SoK: Pitfalls in evaluating black-box attacks
Numerous works study black-box attacks on image classifiers, where adversaries generate
adversarial examples against unknown target models without having access to their internal …
Unifying gradients to improve real-world robustness for deep networks
The wide application of deep neural networks (DNNs) demands an increasing amount of
attention to their real-world robustness, i.e., whether a DNN resists black-box adversarial …