GSBA$^K$: $top$-$K$ Geometric Score-based Black-box Attack
Authors: Md Farhamdur Reza, Richeng Jin, Tianfu Wu, Huaiyu Dai
ICLR 2025 | Venue PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experimental results on Image Net and PASCAL VOC datasets validate the effectiveness of GSBAK in crafting top-K adversarial examples. |
| Researcher Affiliation | Academia | Md Farhamdur Reza1 , Richeng Jin2 , Tianfu Wu1 & Huaiyu Dai1 1NC State University 2Zhejiang University EMAIL EMAIL |
| Pseudocode | Yes | Algorithm 1: GSBAK |
| Open Source Code | Yes | The code of our attack is available at https://github.com/Farhamdur/GSBA-K. |
| Open Datasets | Yes | Extensive experimental results on Image Net and PASCAL VOC datasets validate the effectiveness of GSBAK in crafting top-K adversarial examples. |
| Dataset Splits | Yes | In the case of untargeted attacks against a classifier on Image Net, we randomly select 1000 images that are correctly classified by the respective classifier. For targeted attacks, we create 1000 sets of images, each comprising a benign image xs and a target image xt. |
| Hardware Specification | No | The paper does not provide specific hardware details such as GPU/CPU models or processor types. |
| Software Dependencies | No | The pre-trained Res Net-50, Res Net-101 and VGG-16 models are sourced from Py Torch. |
| Experiment Setup | Yes | In the case of GSBAK, we use reduced-dimensional frequency subspace with a dimension reduction factor f = 4 to sample low-frequency noise {zi}. We set the base query number I0 = 30, step size ϵ = 6, and tolerance τ = 0.0001. |