In the previous post we reviewed a series of black-box score-based adversarial attacks where the adversary has to estimate the gradient by querying the target model and retrieving the labels’ confidence score. In this post we are going to explore the third category of black-box attacks, namely, black-box decision-based attacks. Under this settings, the only knowledge the attacker has about the model are only discrete … Continue reading Black-box decision-based attacks on images

In the previous post we reviewed a series of black-box transfer-based adversarial attacks where the adversary has to  generate adversarial examples against a substitute model. In this post we are going to explore the second category of black-box attacks, namely, black-box score-based attacks. Under this setting, it is not possible to access to the white-box model’s gradients. The only knowledge about the attacked model are … Continue reading Black-box score-based attacks on images

In the previous post we reviewed a series of white-box adversarial attacks where the adversary has full access and knowledge of the victim model. In this post we are going to explore the first category of black-box attacks, namely, black-box transfer-based attacks. Transfer-based attacks generate adversarial examples against a substitute model, possibly being as much similar as possible to the target model, which have a … Continue reading Black-box transfer-based attacks on images