poster

Black-box and Target-specific Attack Against Interpretable Deep Learning Systems

Authors:

Eldor Abdukhamidov,

Firuz Juraev,

Mohammed Abuhamad,

Tamer AbuhmedAuthors Info & Claims

ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

Pages 1216 - 1218

https://doi.org/10.1145/3488932.3527283

Published: 30 May 2022 Publication History

Get Access

Abstract

Deep neural network models are susceptible to malicious manipulations even in the black-box settings. Providing explanations for DNN models offers a sense of security by human involvement, which reveals whether the sample is benign or adversarial even though previous studies achieved a high attack success rate. However, interpretable deep learning systems (IDLSes) are shown to be susceptible to adversarial manipulations in white-box settings. Attacking IDLSes in black-box settings is challenging and remains an open research domain. In this work, we propose a black-box version of the white-box AdvEdge approach against IDLSes, which is query-efficient and gradient-free without obtaining any knowledge of the target DNN model and its coupled interpreter. Our approach takes advantage of transfer-based and score-based techniques using the effective microbial genetic algorithm (MGA). We achieve a high attack success rate with a small number of queries and high similarity in interpretations between adversarial and benign samples.

Supplementary Material

MP4 File (poster_video_black-box advedge_Eldor.mp4)

Eldor Abdukhamidov, Firuz Juraev, Mohammed Abuhamad, and Tamer ABUHMED. 2022. POSTER: Black-box and Target-specific Attack Against Interpretable Deep Learning Systems. In Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIA CCS ?22)

Download
81.33 MB

References

[1]

Eldor Abdukhamidov, Mohammed Abuhamad, Firuz Juraev, Eric Chan-Tin, and Tamer AbuHmed. 2021. AdvEdge: Optimizing Adversarial Perturbations Against Interpretable Deep Learning. In International Conference on Computational Data and Social Networks. Springer, 93--105.

Google Scholar

[2]

Inman Harvey. 2009. The microbial genetic algorithm. In European conference on artificial life. Springer, 126--133.

Digital Library

Google Scholar

[3]

Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017).

Google Scholar

[4]

Karen Simonyan, Andrea Vedaldi, and Andrew Zisserman. 2013. Deep inside convolutional networks: Visualising image classification models and saliency maps. arXiv preprint arXiv:1312.6034 (2013).

Google Scholar

[5]

Bolei Zhou, Aditya Khosla, Agata Lapedriza, Aude Oliva, and Antonio Torralba. 2016. Learning deep features for discriminative localization. In Proceedings of the IEEE conference on computer vision and pattern recognition. 2921--2929.

Crossref

Google Scholar

Cited By

View all

Kwon H(2025)Untargeted Evasion Attacks on Deep Neural Networks Using StyleGANElectronics10.3390/electronics1403057414:3(574)Online publication date: 31-Jan-2025
https://doi.org/10.3390/electronics14030574
Paracha AArshad JFarah MIsmail K(2024)Machine learning security and privacy: a review of threats and countermeasuresEURASIP Journal on Information Security10.1186/s13635-024-00158-32024:1Online publication date: 23-Apr-2024
https://doi.org/10.1186/s13635-024-00158-3
Abdukhamidov EAbuhamad MThiruvathukal GKim HAbuhmed T(2024)SingleADV: Single-Class Target-Specific Attack Against Interpretable Deep Learning SystemsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.340765219(5985-5998)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3407652
Show More Cited By

Index Terms

Black-box and Target-specific Attack Against Interpretable Deep Learning Systems
1. Security and privacy
  1. Software and application security

Recommendations

Practical Black-Box Attacks against Machine Learning
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include having ...
Black-box adversarial transferability: An empirical study in cybersecurity perspective
Abstract
The rapid advancement of artificial intelligence within the realm of cybersecurity raises significant security concerns. The vulnerability of deep learning models in adversarial attacks is one of the major issues. In adversarial machine learning, ...
Black-box adversarial attacks on XSS attack detection model
Abstract
Cross-site scripting (XSS) has been extensively studied, although mitigating such attacks in web applications remains challenging. While there is an increasing number of XSS attack detection approaches designed based on machine learning and deep ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

May 2022

1291 pages

ISBN:9781450391405

DOI:10.1145/3488932

General Chairs:
Yuji Suga
Internet Initiative Japan Inc., Japan
,
Kouichi Sakurai
Kyushu University, Japan
,
Program Chairs:
Xuhua Ding
Singapore Management University, Singapore
,
Kazue Sako
Waseda University, Japan

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2022

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

National Research Foundation of Korea

Conference

ASIA CCS '22

Sponsor:

SIGSAC

ASIA CCS '22: ACM Asia Conference on Computer and Communications Security

May 30 - June 3, 2022

Nagasaki, Japan

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
131
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)2

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kwon H(2025)Untargeted Evasion Attacks on Deep Neural Networks Using StyleGANElectronics10.3390/electronics1403057414:3(574)Online publication date: 31-Jan-2025
https://doi.org/10.3390/electronics14030574
Paracha AArshad JFarah MIsmail K(2024)Machine learning security and privacy: a review of threats and countermeasuresEURASIP Journal on Information Security10.1186/s13635-024-00158-32024:1Online publication date: 23-Apr-2024
https://doi.org/10.1186/s13635-024-00158-3
Abdukhamidov EAbuhamad MThiruvathukal GKim HAbuhmed T(2024)SingleADV: Single-Class Target-Specific Attack Against Interpretable Deep Learning SystemsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.340765219(5985-5998)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3407652
Juraev FAbuhamad MWoo SThiruvathukal GAbuhmed T(2024)The Impact of Model Variations on the Robustness of Deep Learning Models in Adversarial Settings2024 Silicon Valley Cybersecurity Conference (SVCC)10.1109/SVCC61185.2024.10637362(1-7)Online publication date: 17-Jun-2024
https://doi.org/10.1109/SVCC61185.2024.10637362
Hirose YOno S(2023)Black-box Adversarial Attack against Visual Interpreters for Deep Neural Networks2023 18th International Conference on Machine Vision and Applications (MVA)10.23919/MVA57639.2023.10215758(1-6)Online publication date: 23-Jul-2023
https://doi.org/10.23919/MVA57639.2023.10215758

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

Practical Black-Box Attacks against Machine Learning

Black-box adversarial transferability: An empirical study in cybersecurity perspective

Black-box adversarial attacks on XSS attack detection model

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations