Do Not Overestimate Black-Box Attacks

Abstract

As cloud computing becomes pervasive, deep learning models are deployed on cloud servers and then provided as APIs to end users. However, black-box adversarial attacks can fool image classification models without access to model structure and weights. Recent studies have reported attack success rates of over 95% with fewer than 1,000 queries. This raises the question: have black-box attacks become a real threat against cloud APIs? To shed some light on this, our research indicates that black-box attacks are not as effective against cloud APIs as proposed in research papers, due to several common mistakes that overestimate the efficiency of black-box attacks. To avoid similar mistakes, we conduct black-box attacks directly on cloud APIs rather than local models.

Cite

Text

Wu et al. "Do Not Overestimate Black-Box Attacks." ICLR 2025 Workshops: ICBINB, 2025.

BibTeX

@inproceedings{wu2025iclrw-overestimate,
  title     = {{Do Not Overestimate Black-Box Attacks}},
  author    = {Wu, Han and Rowlands, Sareh and Wahlstrom, Johan},
  booktitle = {ICLR 2025 Workshops: ICBINB},
  year      = {2025},
  url       = {https://mlanthology.org/iclrw/2025/wu2025iclrw-overestimate/}
}