Boosting Decision-Based Black-Box Adversarial Attack with Gradient Priors
Authors: Han Liu, Xingshuo Huang, Xiaotong Zhang, Qimai Li, Fenglong Ma, Wei Wang, Hongyang Chen, Hong Yu, Xianchao Zhang
IJCAI 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments have demonstrated that the proposed method outperforms other strong baselines significantly. |
| Researcher Affiliation | Academia | 1Dalian University of Technology, Dalian, China 2The Hong Kong Polytechnic University, Hong Kong, China 3The Pennsylvania State University, Pennsylvania, USA 4Shenzhen MSU-BIT University, Shenzhen, China 5Zhejiang Lab, Hangzhou, China |
| Pseudocode | Yes | Algorithm 1 Gradient Estimation with Priors |
| Open Source Code | No | The paper does not provide concrete access to source code for the methodology described. |
| Open Datasets | Yes | For offline experiments, we first conduct preliminary experiments on a simple dataset MNIST [Le Cun, 1998]. Then we make a comprehensive evaluation on Image Net [Deng et al., 2009] and Celeba [Liu et al., 2015] datasets. |
| Dataset Splits | No | The paper states: "For different datasets, we exactly follow [Li et al., 2020a] to randomly select 50 pairs of correctly classified images from the validation set of each dataset as the target images and the initial adversarial images." While it mentions using a 'validation set' and cites a paper, it does not provide specific details on the dataset splits (e.g., percentages, sample counts) within the current paper, which is necessary for reproducibility of the data partitioning. |
| Hardware Specification | No | The paper mentions: "We also would like to thank Dalian Ascend AI Computing Center and Dalian Ascend AI Ecosystem Innovation Center for providing inclusive computing power and technical support." However, it does not provide specific hardware details such as exact GPU/CPU models, processor types, or memory amounts used for running experiments. |
| Software Dependencies | No | The paper states: "We develop our framework based on the FoolBox library [Rauber et al., 2017; Rauber et al., 2020]." However, it does not specify a version number for the FoolBox library or any other software components, which is necessary for reproducible software dependencies. |
| Experiment Setup | Yes | The image size of MNIST is 28x28, we set the spacial sensitivity σs = 2 and the range sensitivity σr = 8/255. For other datasets, we resize their image size to 3x224x224, and set σs = 8 and σr = 32/255. We set the time-dependent length k = 5, the MSE threshold τ = 0.2 and the cosine similarity threshold ρ = 0.1 respectively. We set B = 100, which is the number of perturbations selected in each gradient estimation. We use the l2 norm as the distance measure function d( ). In addition, we set the step size ξt = ||x(t)adv − x||2 /√t and the perturbation size δt = ||x(t)adv − x||2 /dim, where t is the iteration number and dim is the input dimension. |