HopSkipJumpAttack: A Query-Efficient Decision-Based Attack

From MaRDI portal
Publication:6316650

arXiv1904.02144MaRDI QIDQ6316650FDOQ6316650


Authors: Jianbo Chen, Michael I. Jordan, Martin J. Wainwright Edit this on Wikidata


Publication date: 3 April 2019

Abstract: The goal of a decision-based adversarial attack on a trained model is to generate adversarial examples based solely on observing output labels returned by the targeted model. We develop HopSkipJumpAttack, a family of algorithms based on a novel estimate of the gradient direction using binary information at the decision boundary. The proposed family includes both untargeted and targeted attacks optimized for ell2 and ellinfty similarity metrics respectively. Theoretical analysis is provided for the proposed algorithms and the gradient direction estimate. Experiments show HopSkipJumpAttack requires significantly fewer model queries than Boundary Attack. It also achieves competitive performance in attacking several widely-used defense mechanisms. (HopSkipJumpAttack was named Boundary Attack++ in a previous version of the preprint.)




Has companion code repository: https://github.com/Jianbo-Lab/HSJA









This page was built for publication: HopSkipJumpAttack: A Query-Efficient Decision-Based Attack

Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q6316650)

Retrieved from "https://portal.mardi4nfdi.de/w/index.php?title=Publication:6316650&oldid=35910193"
Powered by MediaWiki