A* Attack: A Novel Path-Finding Approach to Adversarial Examples

Abstract

This paper presents a novel approach to exploiting a key vulnerability of deep neural networks (DNNs)to adversarial examples with a focus on the black-box machine learning as a service (MLaaS) environment.We introduce A* Attack, a unique adversarial example attack that leverages the A* Search algorithm to find adversarial perturbations. This innovative approach is designed to overcome the challenges of both excessive model queries in decision- and score-based attacks and the limitations of transferability from white-box attacks. The A* Attack demonstrates competitive performance in the white-box setting and sets a new standard in the decision-based black-box setting, achieving high attack success rates with minimal queries. This represents a significant advancement in the field, offering a new approach to the black-box attack method. This paper provides a competitive evaluation of the A* Attack on CIFAR10 and ImageNet, comparing its performance against other leading attacks and defenses.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2023
Accession Number
AD1224614

Entities

People

  • Christopher D Clark

Organizations

  • Naval Postgraduate School

Tags

Fields of Study

  • Computer science

Readers

  • Critical Infrastructure Protection in CBRN and WMD Threats.
  • Neural Network Machine Learning.
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • AI & ML - Machine Learning Algorithms
  • AI & ML - Neural Networks