Saliency Attack: Towards Imperceptible Black-box Adversarial Attack

Dai, Zeyu1,2; Liu, Shengcai3; Li, Qing4; Tang, Ke5

2023-06-01

10.1145/3582563

ACM TRANSACTIONS ON INTELLIGENT SYSTEMS AND TECHNOLOGY   影响因子和分区

2157-6904

2157-6912

Deep neural networks are vulnerable to adversarial examples, even in the black-box setting where the attacker is only accessible to the model output. Recent studies have devised effective black-box attacks with high query efficiency. However, such performance is often accompanied by compromises in attack imperceptibility, hindering the practical use of these approaches. In this article, we propose to restrict the perturbations to a small salient region to generate adversarial examples that can hardly be perceived. This approach is readily compatible with many existing black-box attacks and can significantly improve their imperceptibility with little degradation in attack success rates. Furthermore, we propose the Saliency Attack, a newblack-box attack aiming to refine the perturbations in the salient region to achieve even better imperceptibility. Extensive experiments showthat compared to the state-of-the-art black-box attacks, our approach achievesmuch better imperceptibility scores, including most apparent distortion (MAD), L-0 and L-2 distances, and also obtains significantly better true success rate and effective query number judged by a human-like threshold on MAD. Importantly, the perturbations generated by our approach are interpretable to some extent. Finally, it is also demonstrated to be robust to different detection-based defenses.

Adversarial example black-box adversarial attack saliency map deep neural networks

SCI

英语

第一 ; 通讯

National Key Research and Development Program of China[2022YFA1004102] ; National Natural Science Foundation of China[62250710682] ; Program for Guangdong Introducing Innovative and Entrepreneurial Teams[2017ZT07X386] ; Hong Kong Research Grants Council under the General Research Fund[15200021]

Computer Science

Computer Science, Artificial Intelligence ; Computer Science, Information Systems

WOS:001000229800007

ASSOC COMPUTING MACHINERY

Web of Science

1.Southern Univ Sci & Technol, Res Inst Trustworthy Autonomous Syst, Shenzhen, Peoples R China
2.Hong Kong Polytechn Univ, Hong Kong, Peoples R China
3.Southern Univ Sci & Technol, Dept Comp Sci & Engn, Shenzhen 518055, Peoples R China
4.Hong Kong Polytechn Univ, Dept Comp, Hong Kong, Peoples R China
5.Southern Univ Sci & Technol, Res Inst Trustworthy Autonomous Syst, Shenzhen 518055, Peoples R China

Dai, Zeyu,Liu, Shengcai,Li, Qing,et al. Saliency Attack: Towards Imperceptible Black-box Adversarial Attack[J]. ACM TRANSACTIONS ON INTELLIGENT SYSTEMS AND TECHNOLOGY,2023,14(3).

Dai, Zeyu,Liu, Shengcai,Li, Qing,&Tang, Ke.(2023).Saliency Attack: Towards Imperceptible Black-box Adversarial Attack.ACM TRANSACTIONS ON INTELLIGENT SYSTEMS AND TECHNOLOGY,14(3).

Dai, Zeyu,et al."Saliency Attack: Towards Imperceptible Black-box Adversarial Attack".ACM TRANSACTIONS ON INTELLIGENT SYSTEMS AND TECHNOLOGY 14.3(2023).