Skip to content
/ QEBA Public

Code for CVPR2020 paper QEBA: Query-Efficient Boundary-Based Blackbox Attack

Notifications You must be signed in to change notification settings

AI-secure/QEBA

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

CVPR2020-QEBA

This is the code repository accompanying the paper: QEBA: Query-Efficient Boundary-Based Blackbox Attack.

In this work, we propose the QEBA method that can perform adversarial attack based only on the final prediction labels of a victim model. We theoretically show why previous boundary-based attack with gradient estimation on the whole gradient space is not efficient in terms of query numbers, and provide optimality analysis for our dimension reduction-based gradient estimation. Extensive experiments on ImageNet and CelebA show that compared with the state-of-the-art blackbox attacks, QEBA is able to use a smaller number of queries to achieve a lower magnitude of perturbation with 100% attack success rate.

The code is based on the foolbox project (https://github.com/bethgelab/foolbox). Please check the repository of our newer project: Nonlinear Projection Based Gradient Estimation for Query EfficientBlackbox Attacks (https://github.com/AI-secure/NonLinear-BA) for the updated code and more detailed instructions on how to use the code base.

About

Code for CVPR2020 paper QEBA: Query-Efficient Boundary-Based Blackbox Attack

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published