Sparse-RS: A Versatile Framework for Query-Efficient Sparse Black-Box Adversarial Attacks
Abstract
We propose a versatile framework based on random search, Sparse-RS, for score-based sparse targeted and untargeted attacks in the black-box setting. Sparse-RS does not rely on substitute models and achieves state-of-the-art success rate and query efficiency for multiple sparse attack models: L0-bounded perturbations, adversarial patches, and adversarial frames. The L0-version of untargeted Sparse-RS outperforms all black-box and even all white-box attacks for different models on MNIST, CIFAR-10, and ImageNet. Moreover, our untargeted Sparse-RS achieves very high success rates even for the challenging settings of 20x20 adversarial patches and 2-pixel wide adversarial frames for 224x224 images. Finally, we show that Sparse-RS can be applied to generate targeted universal adversarial patches where it significantly outperforms the existing approaches. Our code is available at https://github.com/fra31/sparse-rs.
Cite
Text
Croce et al. "Sparse-RS: A Versatile Framework for Query-Efficient Sparse Black-Box Adversarial Attacks." AAAI Conference on Artificial Intelligence, 2022. doi:10.1609/AAAI.V36I6.20595Markdown
[Croce et al. "Sparse-RS: A Versatile Framework for Query-Efficient Sparse Black-Box Adversarial Attacks." AAAI Conference on Artificial Intelligence, 2022.](https://mlanthology.org/aaai/2022/croce2022aaai-sparse/) doi:10.1609/AAAI.V36I6.20595BibTeX
@inproceedings{croce2022aaai-sparse,
title = {{Sparse-RS: A Versatile Framework for Query-Efficient Sparse Black-Box Adversarial Attacks}},
author = {Croce, Francesco and Andriushchenko, Maksym and Singh, Naman D. and Flammarion, Nicolas and Hein, Matthias},
booktitle = {AAAI Conference on Artificial Intelligence},
year = {2022},
pages = {6437-6445},
doi = {10.1609/AAAI.V36I6.20595},
url = {https://mlanthology.org/aaai/2022/croce2022aaai-sparse/}
}