Adaptive hyperparameter optimization for black-box adversarial attack

被引:0
|
作者
Zhenyu Guan
Lixin Zhang
Bohan Huang
Bihe Zhao
Song Bian
机构
[1] Beihang University,School of Cyber Science and Technology
来源
International Journal of Information Security | 2023年 / 22卷
关键词
Deep learning; Adversarial attack; Reinforcement learning; Hyperparameter optimization;
D O I
暂无
中图分类号
学科分类号
摘要
The study of adversarial attacks is crucial in the design of robust neural network models. In this work, we propose a hyperparameter optimization framework for black-box adversarial attacks. We observe that hyperparameters are extremely important to enhance the query efficiency of many black-box adversarial attack methods. Hence, we propose an adaptive hyperparameter tuning framework such that, in each query iteration, the attacker can adaptively selects the hyperparameter configuration based on the feedback from the victim to improve the attack success rate and query efficiency of the attack algorithm. The experiment results show, by adaptively tuning the attack hyperparameters, our technique outperforms the original algorithm, where the query efficiency is improved by 33.63% on the NES algorithm for untargeted attacks, 44.47% on the Bandits algorithm for untargeted attacks, and 32.24% improvement on the Bandits algorithm for targeted attacks.
引用
收藏
页码:1765 / 1779
页数:14
相关论文
共 50 条
  • [1] Adaptive hyperparameter optimization for black-box adversarial attack
    Guan, Zhenyu
    Zhang, Lixin
    Huang, Bohan
    Zhao, Bihe
    Bian, Song
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2023, 22 (06) : 1765 - 1779
  • [2] Black-Box Adversarial Attack via Topological Adaptive Particle Swarm Optimization
    Yu Z.
    Kang J.
    Ye O.
    Jisuanji Fuzhu Sheji Yu Tuxingxue Xuebao/Journal of Computer-Aided Design and Computer Graphics, 2023, 35 (08): : 1239 - 1248
  • [3] An Effective Way to Boost Black-Box Adversarial Attack
    Feng, Xinjie
    Yao, Hongxun
    Che, Wenbin
    Zhang, Shengping
    MULTIMEDIA MODELING (MMM 2020), PT I, 2020, 11961 : 393 - 404
  • [4] SIMULATOR ATTACK plus FOR BLACK-BOX ADVERSARIAL ATTACK
    Ji, Yimu
    Ding, Jianyu
    Chen, Zhiyu
    Wu, Fei
    Zhang, Chi
    Sun, Yiming
    Sun, Jing
    Liu, Shangdong
    2022 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING, ICIP, 2022, : 636 - 640
  • [5] Black-box Adversarial Attack on License Plate Recognition System
    Chen J.-Y.
    Shen S.-J.
    Su M.-M.
    Zheng H.-B.
    Xiong H.
    Zidonghua Xuebao/Acta Automatica Sinica, 2021, 47 (01): : 121 - 135
  • [6] Black-Box Adversarial Attack via Overlapped Shapes
    Williams, Phoenix
    Li, Ke
    Min, Geyong
    PROCEEDINGS OF THE 2022 GENETIC AND EVOLUTIONARY COMPUTATION CONFERENCE COMPANION, GECCO 2022, 2022, : 467 - 468
  • [7] HYBRID ADVERSARIAL SAMPLE CRAFTING FOR BLACK-BOX EVASION ATTACK
    Zheng, Juan
    He, Zhimin
    Lin, Zhe
    2017 INTERNATIONAL CONFERENCE ON WAVELET ANALYSIS AND PATTERN RECOGNITION (ICWAPR), 2017, : 236 - 242
  • [8] Black-box Adversarial Attack and Defense on Graph Neural Networks
    Li, Haoyang
    Di, Shimin
    Li, Zijian
    Chen, Lei
    Cao, Jiannong
    2022 IEEE 38TH INTERNATIONAL CONFERENCE ON DATA ENGINEERING (ICDE 2022), 2022, : 1017 - 1030
  • [9] Superpixel Attack Enhancing Black-Box Adversarial Attack with Image-Driven Division Areas
    Oe, Issa
    Yamamura, Keiichiro
    Ishikura, Hiroki
    Hamahira, Ryo
    Fujisawa, Katsuki
    ADVANCES IN ARTIFICIAL INTELLIGENCE, AI 2023, PT I, 2024, 14471 : 141 - 152
  • [10] attackGAN: Adversarial Attack against Black-box IDS using Generative Adversarial Networks
    Zhao, Shuang
    Li, Jing
    Wang, Jianmin
    Zhang, Zhao
    Zhu, Lin
    Zhang, Yong
    2020 INTERNATIONAL CONFERENCE ON IDENTIFICATION, INFORMATION AND KNOWLEDGE IN THE INTERNET OF THINGS (IIKI2020), 2021, 187 : 128 - 133
12345