HopSkipJumpAttack - A Query-Efficient Decision-Based Attack

Explore a comprehensive analysis of HopSkipJumpAttack, a query-efficient decision-based adversarial attack on trained models. Delve into the algorithm's development, theoretical foundations, and practical applications in generating adversarial examples using only output labels. Learn about the novel gradient direction estimation technique utilizing binary information at the decision boundary, and understand how it optimizes for both untargeted and targeted attacks using l_2 and l_∞ similarity metrics. Examine the theoretical analysis behind the proposed algorithms and gradient direction estimate. Discover how HopSkipJumpAttack outperforms state-of-the-art decision-based adversarial attacks in terms of model query efficiency and its effectiveness against widely-used defense mechanisms. Gain insights into various aspects of adversarial attacks, including motivations, notations, types, objectives, and existing work in the field.

Intro
Adversarial attack (Szegedy et. al. 2013)
Motivation
Motion picture content rating system
Notations
Types of adversarial attacks
Attack objectives
Existing work
Implicit representations of boundary (Part 1)
An Iterative Algorithm
Convergence
Black-box setting: Access to decisions alone
Boundary search requires labels alone
A decision-based gradient direction estimate
Intuition of proof
A visualization of our algorithm
Binary Search: Find boundary of dog & nondog
Gradient direction estimation
Appropriate size of random perturbation
An uneven distribution of signs
Variance reduction
Distance vs. # Queries
Visualization on ImageNet
Defense mechanisms under HopSkipJumpAttack