Simple Black-box Adversarial Attacks

Authors: Chuan Guo, Jacob Gardner, Yurong You, Andrew Gordon Wilson, Kilian Weinberger

ICML 2019

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We demonstrate the efficacy and efficiency of our algorithm on several real world settings including the Google Cloud Vision API. We argue that our proposed algorithm should serve as a strong baseline for future blackbox attacks, in particular because it is extremely fast and its implementation requires less than 20 lines of PyTorch code. ... In this section, we evaluate our attack against a comprehensive list of competitive black-box attack algorithms: the Boundary Attack (Brendel et al., 2017), Opt attack (Cheng et al., 2018), Low Frequency Boundary Attack (LFBA) (Guo et al., 2018), AutoZOOM (Tu et al., 2018), the QL attack (Ilyas et al., 2018a), and the Bandits-TD attack (Ilyas et al., 2018b). |
| Researcher Affiliation | Collaboration | Chuan Guo¹, Jacob R. Gardner², Yurong You¹, Andrew Gordon Wilson¹, Kilian Q. Weinberger¹ ... ¹Department of Computer Science, Cornell University, Ithaca, New York, USA; ²Uber AI Labs, San Francisco, California, USA. |
| Pseudocode | Yes | Algorithm 1 SimBA in Pseudocode |
| Open Source Code | Yes | Due to its simplicity it can be implemented in PyTorch in under 20 lines of code¹ ... ¹https://github.com/cg563/simple-blackbox-attack |
| Open Datasets | Yes | We first evaluate our method on ImageNet. We sample a set of 1000 images from the ImageNet validation set that are initially classified correctly to avoid artificially inflating the success rate. |
| Dataset Splits | Yes | We sample a set of 1000 images from the ImageNet validation set that are initially classified correctly to avoid artificially inflating the success rate. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory) used for running the experiments. It mentions using pre-trained models (ResNet-50, Inception v3, DenseNet-121) and the Google Cloud Vision API, which are software models and a service, respectively, not hardware specifications. |
| Software Dependencies | No | The paper mentions "implemented in PyTorch" but does not provide a specific version number for PyTorch or any other software dependencies. |
| Experiment Setup | Yes | In our experiments, we limit SimBA and SimBA-DCT to at most T = 10,000 iterations for untargeted attacks and to T = 30,000 for targeted attacks. For SimBA-DCT, we keep the first 1/8th of all frequencies, and add an additional 1/32nd of the frequencies whenever we exhaust available frequencies without succeeding. For both methods, we use a fixed step size of ϵ = 0.2. |