Closed Lexton123 closed 1 year ago
Hi,
If you can point me to some of the places, I can have a look. I don't think there's a formal definition of black vs. grey-box, and the fact that we're doing poisoning further complicates the picture. I would say that, since we match the architecture of the surrogate model quite closely to the target model (message-passing, two layers), it could be fair to call it a grey-box attack. Moreover, as you mention, we assume that we know the training labels & training data.
Thank you very much for your reply. I seem to know the reason why it is defined as a grey-box attack. As you mentioned, the structure of the surrogate model and the target model are almost the same. However, most black-box attacks only have the ability to query and can't access the training labels.
If you are interested, you can browse this review.
Thank you sincerely.
Hi Daniel,
I read in some other papers that they defined Meta-attack as a grey-box attack. What do you think of this?
When using a surrogate model, we don't have any parameters about the target model. In this case, can't it be counted as a black-box attack? Perhaps it is because of the use of complete datasets, such as training labels.
I'm confused about the definition of grey-box and black-box in the graph adversarial field.
I would appreciate it if you could share your thoughts with me.