Data reduction for black-box adversarial attacks against deep neural networks based on side-channel attacks

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-02-25 DOI:10.1016/j.cose.2025.104401

Hanxun Zhou , Zhihui Liu , Yufeng Hu , Shuo Zhang , Longyu Kang , Yong Feng , Yan Wang , Wei Guo , Cliff C. Zou

{"title":"Data reduction for black-box adversarial attacks against deep neural networks based on side-channel attacks","authors":"Hanxun Zhou , Zhihui Liu , Yufeng Hu , Shuo Zhang , Longyu Kang , Yong Feng , Yan Wang , Wei Guo , Cliff C. Zou","doi":"10.1016/j.cose.2025.104401","DOIUrl":null,"url":null,"abstract":"<div><div>Launching effective black-box adversarial attack against a deep neural network (DNN) without knowledge of the model's details is challenging. Previous studies involved performing numerous queries on the target model to generate adversarial examples, which is unacceptable due to the high query volume. Additionally, many of these queries are unnecessary as the dataset may contain redundant or duplicate data. To address these issues, we propose a two-stage black-box adversarial attack approach that combines side-channel attacks and a data reduction technique. In the first stage, we employ Long Short Term Memory (LSTM) to gather partial information about the target DNN through side-channel attacks, enabling us to obtain the class probability of the dataset. In the second stage, we utilize a new data reduction algorithm based on the class probability to enhance the efficiency of generating adversarial examples. Our approach is capable of precisely identifying the target model and the data reduction performs better than other reduction methods. Furthermore, when utilizing the reduced datasets to train the shadow model, the adversarial examples generated on this shadow model demonstrate a higher transferability success rate than SOTA data reduction methods.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"153 ","pages":"Article 104401"},"PeriodicalIF":4.8000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825000902","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Launching effective black-box adversarial attack against a deep neural network (DNN) without knowledge of the model's details is challenging. Previous studies involved performing numerous queries on the target model to generate adversarial examples, which is unacceptable due to the high query volume. Additionally, many of these queries are unnecessary as the dataset may contain redundant or duplicate data. To address these issues, we propose a two-stage black-box adversarial attack approach that combines side-channel attacks and a data reduction technique. In the first stage, we employ Long Short Term Memory (LSTM) to gather partial information about the target DNN through side-channel attacks, enabling us to obtain the class probability of the dataset. In the second stage, we utilize a new data reduction algorithm based on the class probability to enhance the efficiency of generating adversarial examples. Our approach is capable of precisely identifying the target model and the data reduction performs better than other reduction methods. Furthermore, when utilizing the reduced datasets to train the shadow model, the adversarial examples generated on this shadow model demonstrate a higher transferability success rate than SOTA data reduction methods.

查看原文本刊更多论文

基于侧信道攻击的深度神经网络黑盒对抗攻击的数据还原

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.