In the previous post, we reviewed some well-known methods for black-box decision-based adversarial attacks where the adversary has no knowledge about the victim model except for its discrete hard-label predictions. Thus gradient-based methods become ineffective but simple random-walk-based methods such as the Boundary Attack can still represent a threat even under these particular settings. Now that we have introduced both white and black-box attacks under … Continue reading Defence methods for image adversarial attacks

In the previous post, we reviewed a series of black-box score-based adversarial attacks where the adversary has to estimate the gradient by querying the target model and retrieving the labels’ confidence score. In this post, we are going to explore the third category of black-box attacks, namely, black-box decision-based attacks. Under these settings, the only knowledge the attacker has about the model is only discrete … Continue reading Black-box decision-based attacks on images

In the previous post, we reviewed a series of black-box transfer-based adversarial attacks where the adversary has to generate adversarial examples against a substitute model. In this post, we are going to explore the second category of black-box attacks, namely, black-box score-based attacks. Under this setting, it is not possible to access the white-box model’s gradients. The only knowledge about the attacked model is the … Continue reading Black-box score-based attacks on images

In the previous post, we reviewed a series of white-box adversarial attacks where the adversary has full access to and knowledge of the victim model. In this post, we are going to explore the first category of black-box attacks, namely, black-box transfer-based attacks. Transfer-based attacks generate adversarial examples against a substitute model, possibly being as much similar as possible to the target model, which has … Continue reading Black-box transfer-based attacks on images

In the first post, we introduced the concept of adversarial attacks and contextualized them in the case of images. In this post, we are going to explore the first category of attacks, namely, white-box attacks. Under this setting, the adversary has full access and knowledge of the model, that is, the architecture of the model, its parameters, gradients, and loss of respect to the input … Continue reading White-box adversarial attacks on images