TY - GEN
T1 - GenatTack
T2 - 2019 Genetic and Evolutionary Computation Conference, GECCO 2019
AU - Alzantot, Moustafa
AU - Zhang, Huan
AU - Sharma, Yash
AU - Hsieh, Cho Jui
AU - Chakraborty, Supriyo
AU - Srivastava, Mani B.
N1 - Funding Information:
This research was supported in part by the U.S. Army Research Laboratory and the UK Ministry of Defence under Agreement Number W911NF-16-3-0001, the National Science Foundation under awards # CNS-1705135, IIS-1719097, and OAC-1640813, and the NIH Center of Excellence for Mobile Sensor Data-to-Knowledge (MD2K) under award 1-U54EB020404-01. Any findings in this material are those of the author(s) and do not reflect the views of any of the above funding agencies. The U.S. and U.K. Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/7/13
Y1 - 2019/7/13
N2 - Deep neural networks are vulnerable to adversarial examples, even in the black-box setting, where the attacker is restricted solely to query access. Existing black-box approaches to generating adversarial examples typically require a significant number of queries, either for training a substitute network or performing gradient estimation. We introduce GenAttack, a gradient-free optimization technique that uses genetic algorithms for synthesizing adversarial examples in the black-box setting. Our experiments on different datasets (MNIST, CIFAR-10, and ImageNet) show that GenAttack can successfully generate visually imperceptible adversarial examples against state-of-the-art image recognition models with orders of magnitude fewer queries than previous approaches. Against MNIST and CIFAR-10 models, GenAttack required roughly 2,126 and 2,568 times fewer queries respectively, than ZOO, the prior state-of-the-art black-box attack. In order to scale up the attack to large-scale high-dimensional ImageNet models, we perform a series of optimizations that further improve the query efficiency of our attack leading to 237 times fewer queries against the Inception-v3 model than ZOO. Furthermore, we show that GenAttack can successfully attack some state-of-the-art ImageNet defenses, including ensemble adversarial training and non-differentiable or randomized input transformations. Our results suggest that evolutionary algorithms open up a promising area of research into effective black-box attacks.
AB - Deep neural networks are vulnerable to adversarial examples, even in the black-box setting, where the attacker is restricted solely to query access. Existing black-box approaches to generating adversarial examples typically require a significant number of queries, either for training a substitute network or performing gradient estimation. We introduce GenAttack, a gradient-free optimization technique that uses genetic algorithms for synthesizing adversarial examples in the black-box setting. Our experiments on different datasets (MNIST, CIFAR-10, and ImageNet) show that GenAttack can successfully generate visually imperceptible adversarial examples against state-of-the-art image recognition models with orders of magnitude fewer queries than previous approaches. Against MNIST and CIFAR-10 models, GenAttack required roughly 2,126 and 2,568 times fewer queries respectively, than ZOO, the prior state-of-the-art black-box attack. In order to scale up the attack to large-scale high-dimensional ImageNet models, we perform a series of optimizations that further improve the query efficiency of our attack leading to 237 times fewer queries against the Inception-v3 model than ZOO. Furthermore, we show that GenAttack can successfully attack some state-of-the-art ImageNet defenses, including ensemble adversarial training and non-differentiable or randomized input transformations. Our results suggest that evolutionary algorithms open up a promising area of research into effective black-box attacks.
KW - Adversarial Examples
KW - Computer Vision
KW - Deep Learning
KW - Genetic Algorithm
UR - http://www.scopus.com/inward/record.url?scp=85072339259&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072339259&partnerID=8YFLogxK
U2 - 10.1145/3321707.3321749
DO - 10.1145/3321707.3321749
M3 - Conference contribution
AN - SCOPUS:85072339259
T3 - GECCO 2019 - Proceedings of the 2019 Genetic and Evolutionary Computation Conference
SP - 1111
EP - 1119
BT - GECCO 2019 - Proceedings of the 2019 Genetic and Evolutionary Computation Conference
PB - Association for Computing Machinery
Y2 - 13 July 2019 through 17 July 2019
ER -