An Evolutionary, Gradient-Free, Query-Efficient, Black-Box Algorithm for Generating Adversarial Instances in Deep Convolutional Neural Networks

Deep neural networks (DNNs) are sensitive to adversarial data in a variety of scenarios, including the black-box scenario, where attacker is only allowed query trained model and receive an output. Existing methods for creating instances costly, often using gradient estimation or training replacement network. This paper introduces \textbf{Qu}ery-Efficient \textbf{E}volutiona\textbf{ry} \textbf{Attack}, \textit{QuEry Attack}, untargeted, score-based, attack. QuEry Attack based on novel objective function that can be used gradient-free optimization problems. The attack requires access output logits classifier thus not affected by masking. No additional information needed, rendering our method more suitable real-life situations. We test its performance with three different state-of-the-art models -- Inception-v3, ResNet-50, VGG-16-BN against benchmark datasets: MNIST, CIFAR10 ImageNet. Furthermore, we evaluate Attack's non-differential transformation defenses robust models. Our results demonstrate superior Attack, both terms accuracy score efficiency.