Black-box Adversarial Attacks with Bayesian Optimization
Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, J. Zico Kolter
Code Available — Be the first to reproduce this paper.
ReproduceCode
- github.com/snu-mllab/parsimonious-blackbox-attackOfficialIn papertf★ 0
Abstract
We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples using information limited to loss function evaluations of input-output pairs. We use Bayesian optimization~(BO) to specifically cater to scenarios involving low query budgets to develop query efficient adversarial attacks. We alleviate the issues surrounding BO in regards to optimizing high dimensional deep learning models by effective dimension upsampling techniques. Our proposed approach achieves performance comparable to the state of the art black-box adversarial attacks albeit with a much lower average query count. In particular, in low query budget regimes, our proposed method reduces the query count up to 80\% with respect to the state of the art methods.