Yimu JiJianyu DingZhiyu ChenFei WuChi ZhangYiming SunJing SunShangdong Liu
Numerous researches on adversarial black-box attacks have proved that deep neural networks have certain insecurity. However, the current black-box attack methods still have shortages in incomplete utilization of query information. The newly proposed Simulator Attack based on meta-learning shows good performance in query-efficiency but still misses some hidden information. For this disadvantage, our research finds the usability of the feature layer output information in a simulator model for the first time. Then we propose an optimized Simulator Attack+ framework based on this discovery. By conducting experiments on the CIFAR-10 and CIFAR-100 datasets, results legibly show that Simulator Attack+ can further reduce the number of consuming queries to improve query-efficiency meanwhile maintaining attack effect. Our code is available at https://github.com/Rain117E/SimulatorAttackplus.
Zeyu DaiShengcai LiuQing LiKe Tang
Run WangFelix Juefei-XuQing GuoYihao HuangXiaofei XieLei MaYang Liu
Zhiyu ChenJianyu DingFei WuChi ZhangYiming SunJing SunShangdong LiuYimu Ji
Phoenix WilliamsKe LiGeyong Min
Xu HanQiang LiHongbo CaoLei HanBin WangXuhua BaoYufei HanWei Wang