Open allanxia opened 4 months ago
Hi @allanxia , based on what I know so far, the so-called black-box attacks can be roughly categorized into two types, the first type is that we train an surrogate model A with the same architecture as the target model to attack, and then test the generated adv. examples on the target model B, which involves related theories such as adv. examples transferability . In the other category, instead of using an additional model, certain techniques are used to directly compute the adversarial samples based on the output of the black-box model (e.g., gradient estimation attack ZOO).
Unfortunately, however, the two types of attack, torchattacks
is not implemented. But the good news is that I plan to add some of these attack algorithms to torchattacks, this should be something you'll see soon 😉.
@rikonaka Thank you very much for your answer, but I seem to be more confused. So the algorithms in torchattacks that implement Square and Pixle blackbox attacks are of that type?
@rikonaka Thank you very much for your answer, but I seem to be more confused. So the algorithms in torchattacks that implement Square and Pixle blackbox attacks are of that type?
Well, I am not the author of these two algorithms, but I have just had a brief look at the code of these two programs, and although its claimed to be a black box attack algorithm, the attack still requires a model to be inputted, this may not meet your requirements for a black box attack (i.e., no input model), and in this regard I may need some time to examine the code. And if you understand these two attack algorithms, you can try to test with them now 😘.
❔ Any questions
Hi, I need to use black box attack model to test, the actual scenario I don't know the model used by the other party, I will only receive feedback from the other party's model, but I look at the black box model in the project, such as square,Pixle's input need to pass the name of the model being attacked, please is there any demo for the black box attack?