Hard Label Attack

Hard-label attacks target machine learning models by manipulating inputs to elicit incorrect predictions, while only having access to the model's final classification (the "hard label"), not its internal probabilities. Current research focuses on developing efficient algorithms, often employing surrogate models or local explainability techniques, to minimize the number of queries needed to successfully generate adversarial examples in this challenging setting. These attacks are significant because they represent a realistic threat to deployed machine learning systems, particularly in scenarios with limited feedback or privacy constraints, and their study informs the development of more robust models.

Papers

November 15, 2024

A Hard-Label Cryptanalytic Extraction of Non-Fully Connected Deep Neural Networks using Side-Channel Attacks
Benoit Coqueret, Mathieu Carbone, Olivier Sentieys, Gabriel Zaid
Neural Network Deep Neural Network Adversarial Example Network Programming Deep Network Side Channel Hard Label Attack

September 18, 2024

Hard-Label Cryptanalytic Extraction of Neural Network Models
Yi Chen, Xiaoyang Dong, Jian Guo, Yantian Shen, Anyu Wang, Xiaoyun Wang
Neural Network Neural Network Model MNIST Canadian Institute for Advanced Neural Network Parameter Hard Label Attack

February 2, 2024

HQA-Attack: Toward High Quality Black-Box Hard-Label Adversarial Attack on Text
Han Liu, Zhi Xu, Xiaotong Zhang, Feng Zhang, Fenglong Ma, Hongyang Chen, Hong Yu, Xianchao Zhang
Adversarial Example Text Modality New Attack Textual Adversarial Example Hard Label Attack

December 12, 2023

DTA: Distribution Transform-based Attack for Query-Limited Scenario
Renyang Liu, Wei Zhou, Xin Jin, Song Gao, Yuanyu Wang, Ruxin Wang
Adversarial Example Product Distribution Black Box Attack Data Limited Scenario Hard Label Attack Attacker Model

December 10, 2023

Data-Free Hard-Label Robustness Stealing Attack
Xiaojian Yuan, Kejiang Chen, Wen Huang, Jie Zhang, Weiming Zhang, Nenghai Yu
Native Robustness Adversarial Training Model Robustness Model Stealing Attack Hard Label Attack

August 1, 2023

LimeAttack: Local Explainable Method for Textual Hard-Label Adversarial Attack
Hai Zhu, Zhaoqing Yang, Weiwei Shang, Yuren Wu
Adversarial Example Local Explanation Hard Label Attack Word Level Adversarial

August 7, 2022

Blackbox Attacks via Surrogate Ensemble Search
Zikui Cai, Chengyu Song, Srikanth Krishnamurthy, Amit Roy-Chowdhury, M. Salman Asif
Adversarial Attack QuEry Based Attack Hard Label Attack Blackbox Attack

January 20, 2022

TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack
Zhen Yu, Xiaosen Wang, Wanxiang Che, Kun He
Adversarial Attack Local Search Textual Adversarial Attack Text Detector Label Attack Hard Label Attack

November 15, 2021

Finding Optimal Tangent Points for Reducing Distortions of Hard-label Attacks
Chen Ma, Xiangyu Guo, Li Chen, Jun-Hai Yong, Yisen Wang
Adversarial Attack Gradient Based Attack Distortion Realism Hard Label Attack