We focus on the problem of adversarial attacks against models on discrete sequential data in the black-box setting, where the attacker aims to craft adversarial examples with limited query access to the victim model. Existing black-box attacks, mostly based on greedy algorithms, find adversarial examples using pre-computed key positions to perturb, which severely limits the search space and might result in suboptimal solutions. To this end, we propose a query-efficient black-box attack using Bayesian optimization, which dynamically computes important positions using an automatic relevance determination (ARD) categorical kernel. We introduce block decomposition and history subsampling techniques to improve the scalability of Bayesian optimization when an input sequence becomes long. Moreover, we develop a post-optimization algorithm that finds adversarial examples with smaller perturbation size. Experiments on natural language and protein classification tasks demonstrate that our method consistently achieves a higher attack success rate with a significant reduction in query count and modification rate compared to the previous state-of-the-art methods.
Author Information
Deokjae Lee (Seoul National University)
Seungyong Moon (Seoul National University)
Junhyeok Lee (Seoul National University)
Hyun Oh Song (Seoul National University)
Related Events (a corresponding poster, oral, or spotlight)
- 2022 Poster: Query-Efficient and Scalable Black-Box Adversarial Attacks on Discrete Sequential Data via Bayesian Optimization
  Wed. Jul 20th through Thu the 21st, Room Hall E #313
More from the Same Authors
- 2023 Poster: Efficient Latency-Aware CNN Depth Compression via Two-Stage Dynamic Programming
  Jinuk Kim · Yeonwoo Jeong · Deokjae Lee · Hyun Oh Song
- 2022 Poster: Dataset Condensation via Efficient Synthetic-Data Parameterization
  Jang-Hyun Kim · Jinuk Kim · Seong Joon Oh · Sangdoo Yun · Hwanjun Song · Joonhyun Jeong · Jung-Woo Ha · Hyun Oh Song
- 2022 Spotlight: Dataset Condensation via Efficient Synthetic-Data Parameterization
  Jang-Hyun Kim · Jinuk Kim · Seong Joon Oh · Sangdoo Yun · Hwanjun Song · Joonhyun Jeong · Jung-Woo Ha · Hyun Oh Song
- 2020 Poster: Puzzle Mix: Exploiting Saliency and Local Statistics for Optimal Mixup
  Jang-Hyun Kim · Wonho Choo · Hyun Oh Song
- 2019 Poster: Learning Discrete and Continuous Factors of Data via Alternating Disentanglement
  Yeonwoo Jeong · Hyun Oh Song
- 2019 Oral: Learning Discrete and Continuous Factors of Data via Alternating Disentanglement
  Yeonwoo Jeong · Hyun Oh Song
- 2019 Poster: Parsimonious Black-Box Adversarial Attacks via Efficient Combinatorial Optimization
  Seungyong Moon · Gaon An · Hyun Oh Song
- 2019 Oral: Parsimonious Black-Box Adversarial Attacks via Efficient Combinatorial Optimization
  Seungyong Moon · Gaon An · Hyun Oh Song
- 2019 Poster: EMI: Exploration with Mutual Information
  Hyoungseok Kim · Jaekyeom Kim · Yeonwoo Jeong · Sergey Levine · Hyun Oh Song
- 2019 Oral: EMI: Exploration with Mutual Information
  Hyoungseok Kim · Jaekyeom Kim · Yeonwoo Jeong · Sergey Levine · Hyun Oh Song
- 2018 Poster: Efficient end-to-end learning for quantizable representations
  Yeonwoo Jeong · Hyun Oh Song
- 2018 Oral: Efficient end-to-end learning for quantizable representations
  Yeonwoo Jeong · Hyun Oh Song