A* ATTACK: A NOVEL PATH-FINDING APPROACH TO ADVERSARIAL EXAMPLES
Loading...
Authors
Clark, Christopher D.
Subjects
deep neural network
DNN
artificial intelligence
A*
A* search
A-Star
adversarial example
MLaaS
machine learning as a service
black-box attack
DNN
artificial intelligence
A*
A* search
A-Star
adversarial example
MLaaS
machine learning as a service
black-box attack
Advisors
Barton, Armon C.
Date of Issue
2023-09
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This paper presents a novel approach to exploiting a key vulnerability of deep neural networks (DNNs) to adversarial examples with a focus on the black-box machine learning as a service (MLaaS) environment. We introduce A* Attack, a unique adversarial example attack that leverages the A* Search algorithm to find adversarial perturbations. This innovative approach is designed to overcome the challenges of both excessive model queries in decision- and score-based attacks and the limitations of transferability from white-box attacks. The A* Attack demonstrates competitive performance in the white-box setting and sets a new standard in the decision-based black-box setting, achieving high attack success rates with minimal queries. This represents a significant advancement in the field, offering a new approach to the black-box attack method. This paper provides a competitive evaluation of the A* Attack on CIFAR10 and ImageNet, comparing its performance against other leading attacks and defenses.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.