Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. (K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026).
Query-Efficient Hard-label Black-box Attack: An Optimization-based Approach
Authors: Minhao Cheng, Thong Le, Pin-Yu Chen, Huan Zhang, JinFeng Yi, Cho-Jui Hsieh
ICLR 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We test the performance of our hard-label black-box attack algorithm on convolutional neural network (CNN) models and compare with Boundary attack (Brendel et al., 2017), Limited attack (Ilyas et al., 2018) and a random trial baseline. |
| Researcher Affiliation | Collaboration | Minhao Cheng, Huan Zhang & Cho-Jui Hsieh (Department of Computer Science, University of California, Los Angeles); Thong Le (Department of Computer Science, University of California, Davis); Pin-Yu Chen (IBM Research AI); Jinfeng Yi (JD AI Research) |
| Pseudocode | Yes | Algorithm 1 Compute g(θ) locally ... Algorithm 2 RGF for hard-label black-box attack |
| Open Source Code | Yes | All models are trained using Pytorch and our source code is publicly available (footnote 2: https://github.com/LeMinhThong/blackbox-attack). |
| Open Datasets | Yes | We use three standard datasets: MNIST (LeCun et al., 1998), CIFAR-10 (Krizhevsky, 2009) and ImageNet-1000 (Deng et al., 2009). ... We use two standard datasets: HIGGS (Baldi et al., 2014) for binary classification and MNIST (LeCun et al., 1998) for multi-class classification. |
| Dataset Splits | Yes | For all the cases except Limited-attack, we conduct adversarial attacks for randomly sampled N = 100 images from validation sets. |
| Hardware Specification | No | The paper mentions models are trained using Pytorch but does not provide specific details about the hardware (e.g., GPU/CPU models, memory) used for running the experiments. |
| Software Dependencies | No | The paper mentions 'Pytorch' for training and 'LightGBM framework' but does not specify exact version numbers for these or other software dependencies. |
| Experiment Setup | Yes | We set q = 20 in all the experiments. ... We set t = 100 in all the experiments. ... we set β = 0.005 in all our experiments. ... We also restrict the maximum number of queries to be 1,000,000 for all attacks. |