# Sparse-RS: a versatile framework for query-efficient sparse black-box adversarial attacks

, , , ,

arXiv.org Machine Learning

A large body of research has focused on adversarial attacks which require to modify all input features with small $l_2$- or $l_\infty$-norms. In this paper we instead focus on query-efficient sparse attacks in the black-box setting. Our versatile framework, Sparse-RS, based on random search achieves state-of-the-art success rate and query efficiency for different sparse attack models such as $l_0$-bounded perturbations (outperforming established white-box methods), adversarial patches, and adversarial framing. We show the effectiveness of Sparse-RS on different datasets considering problems from image recognition and malware detection and multiple variations of sparse threat models, including targeted and universal perturbations. In particular Sparse-RS can be used for realistic attacks such as universal adversarial patch attacks without requiring a substitute model. The code of our framework is available at https://github.com/fra31/sparse-rs.

, , , (20 more...)

Jun-23-2020

Industry:
•  >  (0.71)
•  >  (0.65)
Technology:
•  >  (1.00)
•  >  >  >  (1.00)
•  >  >  >  (1.00)
•  >  >  (0.93)
•  >  >  >  (0.88)
•  >  >  (0.88)
•  >  >  >  >  (0.46)

Title
None found

### Similar Docs  more

TitleSimilaritySource
None found