GenAttack: Practical black-box attacks with gradient-free optimization

Moustafa Alzantot, Huan Zhang, Yash Sharma, Cho Jui Hsieh, Supriyo Chakraborty, Mani B. Srivastava

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Deep neural networks are vulnerable to adversarial examples, even in the black-box setting, where the attacker is restricted solely to query access. Existing black-box approaches to generating adversarial examples typically require a significant number of queries, either for training a substitute network or performing gradient estimation. We introduce GenAttack, a gradient-free optimization technique that uses genetic algorithms for synthesizing adversarial examples in the black-box setting. Our experiments on different datasets (MNIST, CIFAR-10, and ImageNet) show that GenAttack can successfully generate visually imperceptible adversarial examples against state-of-the-art image recognition models with orders of magnitude fewer queries than previous approaches. Against MNIST and CIFAR-10 models, GenAttack required roughly 2,126 and 2,568 times fewer queries respectively, than ZOO, the prior state-of-the-art black-box attack. In order to scale up the attack to large-scale high-dimensional ImageNet models, we perform a series of optimizations that further improve the query efficiency of our attack leading to 237 times fewer queries against the Inception-v3 model than ZOO. Furthermore, we show that GenAttack can successfully attack some state-of-the-art ImageNet defenses, including ensemble adversarial training and non-differentiable or randomized input transformations. Our results suggest that evolutionary algorithms open up a promising area of research into effective black-box attacks.

Original language: English (US)
Title of host publication: GECCO 2019 - Proceedings of the 2019 Genetic and Evolutionary Computation Conference
Publisher: Association for Computing Machinery
Pages: 1111-1119
Number of pages: 9
ISBN (Electronic): 9781450361118
State: Published - Jul 13 2019
Externally published: Yes
Event: 2019 Genetic and Evolutionary Computation Conference, GECCO 2019 - Prague, Czech Republic
Duration: Jul 13 2019 - Jul 17 2019

Publication series

Name: GECCO 2019 - Proceedings of the 2019 Genetic and Evolutionary Computation Conference

Conference

Conference: 2019 Genetic and Evolutionary Computation Conference, GECCO 2019
Country/Territory: Czech Republic
City: Prague
Period: 7/13/19 - 7/17/19

Keywords

  • Adversarial Examples
  • Computer Vision
  • Deep Learning
  • Genetic Algorithm

ASJC Scopus subject areas

  • Computational Mathematics
