Boosting Ray Search Procedure of Hard-label Attacks with Transfer-based Priors
Authors: Chen Ma, Xinjie Xu, Shuyu Cheng, Qi Xuan
ICLR 2025 | Venue PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on the Image Net and CIFAR-10 datasets show that our approach significantly outperforms 11 state-of-the-art methods in terms of query efficiency. |
| Researcher Affiliation | Collaboration | 1 Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China 2 Binjiang Institute of Artificial Intelligence, ZJUT, Hangzhou 310056, China 3 JQ Investments, Shanghai 200122, China EMAIL, EMAIL, EMAIL |
| Pseudocode | Yes | Algorithm 1 Prior-Sign-OPT and Prior-OPT attack |
| Open Source Code | Yes | To further support reproducibility, we provide the complete attack code for our approach and all baseline methods at https://github.com/machanic/hard_label_attacks. |
| Open Datasets | Yes | All experiments are conducted on two datasets, i.e., CIFAR-10 (Krizhevsky & Hinton, 2009) and Image Net (Deng et al., 2009). |
| Dataset Splits | Yes | We randomly select 1,000 images from the validation sets for experiments. |
| Hardware Specification | Yes | The experiments of all methods are conducted using Py Torch 1.7.1 framework on NVIDIA V100 and A100 GPUs. |
| Software Dependencies | Yes | The experiments of all methods are conducted using Py Torch 1.7.1 framework on NVIDIA V100 and A100 GPUs. |
| Experiment Setup | Yes | Table 3: The hyperparameters of Prior-OPT and Prior-Sign-OPT. Dataset Hyperparameter Value q, total number of vectors for estimating a gradient, including priors and random vectors 200 the binary search s stopping threshold β 500 the number of iterations 1,000 gmax, the maximum gradient norm for the gradient clipping operation 0.1 |