Abstract
Decision-based black-box adversarial attacks have become an important research direction in the field of artificial intelligence security. Existing methods primarily approximate the decision boundary through uniform random traversal-style search, ignoring the correlation between the semantic structure of the image and the model's region of interest, and they suffer from blind search directions, insensitivity to image regions, and low query efficiency. To this end, this paper proposes a saliency-guided adversarial decision boundary attack (S-ADBA) method, designed for black-box image classification systems that provide only hard-label predictions in query budget-constrained scenarios. It uses saliency mask semantics to guide the perturbation to act preferentially on key sensitive regions of the image, thereby reducing redundant queries and improving the efficiency of the attack. Experiments on the ImageNet dataset show that S-ADBA outperforms the baseline attack methods on several mainstream models, with the number of queries decreasing by 11.5%, 25.3%, 3.6%, 30.4%, and 8.8% on VGG-19, Inception-V3, EfficientNet-B0, DenseNet161, and ViT-B32 respectively, while maintaining or improving the attack success rate, maintaining good robustness, and achieving an effective balance between query efficiency and attack stealth.
Key words
decision boundary / saliency detection / black-box adversarial attack / hard label / adversarial sample
Classification
Information technology and security science