GeoDA: a geometric framework for black-box adversarial attacks
dc.contributor.author
Rahmati, Ali
dc.contributor.author
Moosavi-Dezfooli, Seyed-Mohsen
dc.contributor.author
Frossard, Pascal
dc.contributor.author
Dai, Huaiyu
dc.date.accessioned
2021-03-05T09:03:56Z
dc.date.available
2021-01-21T10:00:02Z
dc.date.available
2021-03-05T09:03:56Z
dc.date.issued
2020
dc.identifier.isbn
978-1-7281-7168-5
en_US
dc.identifier.isbn
978-1-7281-7169-2
en_US
dc.identifier.other
10.1109/CVPR42600.2020.00847
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/464425
dc.description.abstract
Adversarial examples are known as carefully perturbed images fooling image classifiers. We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning the top-1 label of the classifier. Our framework is based on the observation that the decision boundary of deep networks usually has a small mean curvature in the vicinity of data samples. We propose an effective iterative algorithm to generate query-efficient black-box perturbations with small ℓ_p norms which is confirmed via experimental evaluations on state-of-the-art natural image classifiers. Moreover, for p=2, we theoretically show that our algorithm actually converges to the minimal perturbation when the curvature of the decision boundary is bounded. We also obtain the optimal distribution of the queries over the iterations of the algorithm. Finally, experimental results confirm that our principled black-box attack algorithm performs better than state-of-the-art algorithms as it generates smaller perturbations with a reduced number of queries.
en_US
dc.language.iso
en
en_US
dc.publisher
IEEE
en_US
dc.title
GeoDA: a geometric framework for black-box adversarial attacks
en_US
dc.type
Conference Paper
dc.date.published
2020-08-05
ethz.book.title
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
en_US
ethz.pages.start
8443
en_US
ethz.pages.end
8452
en_US
ethz.event
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2020) (virtual)
en_US
ethz.event.location
Seattle, WA, USA
en_US
ethz.event.date
June 13-19, 2020
en_US
ethz.notes
Due to the Coronavirus (COVID-19) the conference was conducted virtually.
en_US
ethz.publication.place
Piscataway, NJ
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02661 - Institut für Maschinelles Lernen / Institute for Machine Learning::09462 - Hofmann, Thomas / Hofmann, Thomas
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02661 - Institut für Maschinelles Lernen / Institute for Machine Learning::09462 - Hofmann, Thomas / Hofmann, Thomas
en_US
ethz.date.deposited
2021-01-21T10:00:09Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Metadata only
en_US
ethz.rosetta.installDate
2021-03-05T09:04:08Z
ethz.rosetta.lastUpdated
2021-03-05T09:04:08Z
ethz.rosetta.versionExported
true