Summary of A Generative Approach to Surrogate-based Black-box Attacks, by Raha Moraffah et al.
A Generative Approach to Surrogate-based Black-box Attacks
by Raha Moraffah, Huan Liu
First submitted to arXiv on: 5 Feb 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
Summary difficulty | Written by | Summary |
---|---|---|
High | Paper authors | Read the original abstract here |
Medium | GrooveSquid.com (original content) | This research paper introduces a novel approach to black-box attacks on deep neural networks (DNNs). Surrogate-based attacks have exposed the vulnerabilities of DNNs, but existing methods rely on training a discriminative surrogate that mimics the target’s outputs. However, this approach is limited by its reliance on a small number of samples and suffers from low success rates. The proposed generative surrogate learns the distribution of samples residing on or close to the target’s decision boundaries, enabling the crafting of adversarial examples with imperceptible differences from the original samples. The results demonstrate remarkably high attack success rates on various targets and datasets. |
Low | GrooveSquid.com (original content) | The paper proposes a new way to make DNNs less accurate by creating fake data that is very similar to real data but belongs to a different category. This is done by learning how the DNN works and then using this information to create false data. The result is a successful attack on the DNN, making it less reliable. |