
QEBA: Query-Efficient Boundary-Based Blackbox Attack (2005.14137v1)

Published 28 May 2020 in cs.LG, cs.CV, and stat.ML

Abstract: Machine learning (ML), especially deep neural networks (DNNs), has been widely used in various applications, including several safety-critical ones (e.g. autonomous driving). As a result, recent research about adversarial examples has raised great concerns. Such adversarial attacks can be achieved by adding a small magnitude of perturbation to the input to mislead model prediction. While several whitebox attacks, which assume that the attackers have full access to the machine learning models, have demonstrated their effectiveness, blackbox attacks are more realistic in practice. In this paper, we propose a Query-Efficient Boundary-based blackbox Attack (QEBA) based only on the model's final prediction labels. We theoretically show why previous boundary-based attack with gradient estimation on the whole gradient space is not efficient in terms of query numbers, and provide optimality analysis for our dimension reduction-based gradient estimation. On the other hand, we conducted extensive experiments on ImageNet and CelebA datasets to evaluate QEBA. We show that compared with the state-of-the-art blackbox attacks, QEBA is able to use a smaller number of queries to achieve a lower magnitude of perturbation with 100% attack success rate. We also show case studies of attacks on real-world APIs including MEGVII Face++ and Microsoft Azure.

Authors (5)
  1. Huichen Li (8 papers)
  2. Xiaojun Xu (30 papers)
  3. Xiaolu Zhang (39 papers)
  4. Shuang Yang (56 papers)
  5. Bo Li (1108 papers)
Citations (169)

Summary

  • The guidelines detail strict LaTeX formatting requirements for CVPR submissions, covering two-column layout, fonts, headings, and margin compliance.
  • Authors must structure manuscripts in English, number sections and equations, and strictly adhere to the eight-page limit excluding references.
  • Crucial aspects include maintaining author anonymity for blind review, proper citation, and effective use of illustrations within the page constraints.

Overview of LaTeX Author Guidelines for CVPR Proceedings

This document elucidates the guidelines for authors intending to submit their manuscripts for the CVPR (Computer Vision and Pattern Recognition) conference proceedings, emphasizing the proper formatting and submission protocol using LaTeX, a widely utilized document preparation system in academic and professional domains.

Formatting Specifications

The paper mandates that all text must adhere to a two-column format, with prescribed dimensions for text width and height. A detailed description is provided to ensure compliance with margins and pagination requirements. Authors are instructed to use Times Roman or similar typefaces throughout the document to maintain a cohesive appearance. First-order and second-order headings have specific formatting rules that emphasize clarity and hierarchy within the document structure.

Content Structure and Language

Authors must furnish manuscripts in English and follow a meticulously defined structure encompassing various sections, each with distinct formatting rules. A crucial aspect of the guidelines is the insistence on section and displayed equation numbering for ease of reference. This ensures that subsequent readers and reviewers can accurately locate and refer to equations and sections within the paper, enhancing accessibility and discussion.

Submission Protocol

Attention is given to dual submission policies, necessitating that authors consult the CVPR web page for updates or modifications regarding submission criteria. Papers exceeding the specified length of eight pages (excluding references) are automatically disqualified from review. Significant alterations to margin and formatting are prohibited, as they can distort the true representation of the content within the stipulated page limits.

Blind Review Requirements

Blind reviews are an integral part of the peer-review process, and authors are guided on maintaining anonymity without hindering the paper's integrity. Proper citation practices are emphasized, allowing authors to cite their previous works appropriately without revealing their identity during the review process. This is crucial for a fair and unbiased review environment.

Illustrations and Graphics

Effective use of illustrations, graphs, and photographs is covered under specific recommendations to ensure readability in printed copies. Authors are advised to use \includegraphics with specified dimensions to incorporate visual elements seamlessly into their LaTeX document.

Practical and Theoretical Implications

These guidelines, while micromanaging the formatting and review process intricacies, reflect broader implications in terms of maintaining high standards of scholarly communication and presentation. Conformity to such detailed formatting ensures uniformity across submissions, aiding reviewers and editors in managing and comparing submissions objectively. The meticulous attention to detail in mathematical equations and citations fosters an environment where precision and clarity are paramount, a necessity in advancing AI research and discourse.

Speculations on Future Developments

As academic publishing evolves and the CVPR conference continues to attract groundbreaking research and innovation in AI and computer vision, it is conceivable that these guidelines will adapt to embrace new standards and technologies in document preparation and submission processes. Future iterations may incorporate enhanced digital tools for more efficient manuscript handling or broader integration with emerging AI-assisted editing software, shifting some of the workload away from detailed manual formatting.

In conclusion, the LaTeX Author Guidelines for CVPR Proceedings serve as a comprehensive framework for authors, focusing on precision, clarity, and consistent document preparation. These guidelines not only streamline the submission process but also facilitate an environment conducive to substantive academic dialogue and advancement in the field of computer vision.