Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/179289
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Liu, Renyang | en_US |
dc.contributor.author | Zhou, Wei | en_US |
dc.contributor.author | Zhang, tianwei | en_US |
dc.contributor.author | Chen, Kangiie | en_US |
dc.contributor.author | Zhao, Jun | en_US |
dc.contributor.author | Lam, Kwok-Yan | en_US |
dc.date.accessioned | 2024-07-25T02:04:15Z | - |
dc.date.available | 2024-07-25T02:04:15Z | - |
dc.date.issued | 2024 | - |
dc.identifier.citation | Liu, R., Zhou, W., Zhang, T., Chen, K., Zhao, J. & Lam, K. (2024). Boosting black-box attack to deep neural networks with conditional diffusion models. IEEE Transactions On Information Forensics and Security, 19, 5207-5219. https://dx.doi.org/10.1109/TIFS.2024.3390609 | en_US |
dc.identifier.issn | 1556-6013 | en_US |
dc.identifier.uri | https://hdl.handle.net/10356/179289 | - |
dc.description.abstract | Existing black-box attacks have demonstrated promising potential in creating adversarial examples (AE) to deceive deep learning models. Most of these attacks need to handle a vast optimization space and require a large number of queries, hence exhibiting limited practical impacts in real-world scenarios. In this paper, we propose a novel black-box attack strategy, Conditional Diffusion Model Attack (CDMA), to improve the query efficiency of generating AEs under query-limited situations. The key insight of CDMA is to formulate the task of AE synthesis as a distribution transformation problem, i.e., benign examples and their corresponding AEs can be regarded as coming from two distinctive distributions and can transform from each other with a particular converter. Unlike the conventional query-and-optimization approach, we generate eligible AEs with direct conditional transform using the aforementioned data converter, which can significantly reduce the number of queries needed. CDMA adopts the conditional Denoising Diffusion Probabilistic Model as the converter, which can learn the transformation from clean samples to AEs, and ensure the smooth development of perturbed noise resistant to various defense strategies. We demonstrate the effectiveness and efficiency of CDMA by comparing it with nine state-of-the-art black-box attacks across three benchmark datasets. On average, CDMA can reduce the query count to a handful of times; in most cases, the query count is only ONE. We also show that CDMA can obtain >99% attack success rate for untargeted attacks over all datasets and targeted attack over CIFAR-10 with the noise budget of ϵ =16. | en_US |
dc.description.sponsorship | Info-communications Media Development Authority (IMDA) | en_US |
dc.description.sponsorship | National Research Foundation (NRF) | en_US |
dc.language.iso | en | en_US |
dc.relation.ispartof | IEEE Transactions on Information Forensics and Security | en_US |
dc.rights | © 2024 IEEE. All rights reserved. | en_US |
dc.subject | Computer and Information Science | en_US |
dc.title | Boosting black-box attack to deep neural networks with conditional diffusion models | en_US |
dc.type | Journal Article | en |
dc.contributor.school | School of Computer Science and Engineering | en_US |
dc.identifier.doi | 10.1109/TIFS.2024.3390609 | - |
dc.identifier.scopus | 2-s2.0-85190717032 | - |
dc.identifier.volume | 19 | en_US |
dc.identifier.spage | 5207 | en_US |
dc.identifier.epage | 5219 | en_US |
dc.subject.keywords | Robustness | en_US |
dc.subject.keywords | Perturbation methods | en_US |
dc.description.acknowledgement | This work was supported in part by the National Natural Science Foundation of China under Grant 62162067 and Grant 62101480; in part by the National Research Foundation, Singapore, and Infocomm Media Development Authority under its Trust Tech Funding Initiative, ABC Pte Ltd., and XYZ association; in part by the Yunnan Province Expert Workstations under Grant 202305AF15007; and in part by the Yunnan Fundamental Research Projects under Grant 202401AT070474. | en_US |
item.grantfulltext | none | - |
item.fulltext | No Fulltext | - |
Appears in Collections: | SCSE Journal Articles |
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.