
L-AutoDA: Leveraging Large Language Models for Automated Decision-based Adversarial Attacks (2401.15335v2)

Published 27 Jan 2024 in cs.CR, cs.AI, cs.CV, and cs.LG

Abstract: In the rapidly evolving field of machine learning, adversarial attacks present a significant challenge to model robustness and security. Decision-based attacks, which require only feedback on a model's decision rather than detailed probabilities or scores, are particularly insidious and difficult to defend against. This work introduces L-AutoDA (LLM-based Automated Decision-based Adversarial Attacks), a novel approach that leverages the generative capabilities of LLMs to automate the design of these attacks. By iteratively interacting with LLMs in an evolutionary framework, L-AutoDA automatically designs competitive attack algorithms efficiently and with little human effort. We demonstrate the efficacy of L-AutoDA on the CIFAR-10 dataset, showing significant improvements over baseline methods in both success rate and computational efficiency. Our findings underscore the potential of LLMs as tools for adversarial attack generation and highlight new avenues for the development of robust AI systems.

Authors (5)
  1. Ping Guo (38 papers)
  2. Fei Liu (232 papers)
  3. Xi Lin (135 papers)
  4. Qingchuan Zhao (14 papers)
  5. Qingfu Zhang (78 papers)