Efficient Black-Box Search for Adversarial Examples using Relevance Masks

Freiling F, Tavakoli Kolagari R, Auernhammer K (2020)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2020

Publisher: Association for Computing Machinery

City/Town: New York, NY

Pages Range: 2

Conference Proceedings Title: DYNAMICS '20: Proceedings of the 2020 Workshop on DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security

Event location: Lexington, MA, Virtual, Online US

ISBN: 9781450387149

DOI: 10.1145/3477997.3478013

Abstract

Machine learning classifiers for image recognition are prevalent in many applications. We study the problem of finding adversarial examples for such classifiers, i.e., to manipulate the images in such a way that they still look like the original images to a human but are misinterpreted by the classifier. Finding adversarial examples corresponds to a search problem in the image space. We focus on black-box attacks that can only use the original classifier to guide the search. The challenge is not to find adversarial examples, but rather to find them efficiently, ideally in real time. We show two novel methods that increase the efficiency of black-box search algorithms for adversarial examples: The first uses a relevance mask, i.e., a bitmask on the original image that restricts the search to those pixels that appear to be more relevant to the attacked classifier than others. The second exploits the discovery of merge drift, a phenomenon that negatively affects search algorithms that are based on the merging of image candidates. We evaluate both concepts on existing and new algorithms.

How to cite

APA:

Freiling, F., Tavakoli Kolagari, R., & Auernhammer, K. (2020). Efficient Black-Box Search for Adversarial Examples using Relevance Masks. In DYNAMICS '20: Proceedings of the 2020 Workshop on DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security (pp. 2). Lexington, MA, Virtual, Online, US: New York, NY: Association for Computing Machinery.

MLA:

Freiling, Felix, Ramin Tavakoli Kolagari, and Katja Auernhammer. "Efficient Black-Box Search for Adversarial Examples using Relevance Masks." Proceedings of the 2020 Workshop on DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security, DYNAMICS 2020, Lexington, MA, Virtual, Online New York, NY: Association for Computing Machinery, 2020. 2.
