Charles Explorer logo
🇨🇿

Beating White-Box Defenses with Black-Box Attacks

Publikace na Matematicko-fyzikální fakulta |
2021

Tento text není v aktuálním jazyce dostupný. Zobrazuje se verze "en".Abstrakt

Deep learning has achieved great results in the last decade, however, it is sensitive to so called adversarial attacks small perturbations of the input that cause the network to classify incorrectly. In the last years a number of attacks and defenses against these attacks were described.

Most of the defenses however focus on defending against gradient-based attacks. In this paper, we describe an evolutionary attack and show that the adversarial examples produced by the attack have different features than those from gradient-based attacks.

We also show that these features mean that one of the state-of-the-art defenses fails to detect such attacks.