whitebox model
- North America > United States (0.36)
- North America > Canada > British Columbia > Metro Vancouver Regional District > Vancouver (0.04)
- Information Technology > Security & Privacy (0.68)
- Government > Military (0.68)
- Government > Regional Government > North America Government > United States Government (0.36)
Perturbing Across the Feature Hierarchy to Improve Standard and Strict Blackbox Attack Transferability
We focus on the blackbox transfer-based adversarial threat model for DNN image classifiers. In the standard case, blackbox means the attacker does not have access to the gradients of the target model and makes no assumptions about its architecture.
- North America > United States (0.35)
- North America > Canada (0.04)
- Information Technology > Security & Privacy (0.68)
- Government > Military (0.68)
- Government > Regional Government > North America Government > United States Government (0.35)
Reviewer 1 1
"straightforward" from simply looking at the equations, we maintain that the multi-layer extension is a significant However, note from Figure 5 (appendix) the pattern in which the layers are sequentially "added" by the We consider the direction of finding other optimizations for layer choice an important future work. From eqn 3, you are correct, it is possible for all layers to contribute differently. Intuitively, the most impactful layers are added first. The decoding for this layer notation is shown in Figure 5 (appendix). We will be sure to clarify these points in the final version.