{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:14:42Z","timestamp":1742912082156,"version":"3.40.3"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031157769"},{"type":"electronic","value":"9783031157776"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15777-6_17","type":"book-chapter","created":{"date-parts":[[2022,8,23]],"date-time":"2022-08-23T15:24:33Z","timestamp":1661268273000},"page":"303-323","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Query-Efficient Black-Box Adversarial Attack with\u00a0Random Pattern Noises"],"prefix":"10.1007","author":[{"given":"Makoto","family":"Yuito","sequence":"first","affiliation":[]},{"given":"Kenta","family":"Suzuki","sequence":"additional","affiliation":[]},{"given":"Kazuki","family":"Yoneyama","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,8,24]]},"reference":[{"key":"17_CR1","unstructured":"Amazon Rekognition. https:\/\/aws.amazon.com\/rekognition\/"},{"key":"17_CR2","unstructured":"Google Cloud Vision API. https:\/\/cloud.google.com\/vision\/"},{"key":"17_CR3","unstructured":"IBM Watson Visual Recognition. 
https:\/\/www.ibm.com\/cloud\/watson-visual-recognition"},{"key":"17_CR4","unstructured":"Al-Dujaili, A., O\u2019Reilly, U.M.: Sign bits are all you need for black-box attacks. In: International Conference on Learning Representations (2020). https:\/\/openreview.net\/forum?id=SygW0TEFwH"},{"key":"17_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-030-58592-1_29","volume-title":"Computer Vision \u2013 ECCV 2020","author":"M Andriushchenko","year":"2020","unstructured":"Andriushchenko, M., Croce, F., Flammarion, N., Hein, M.: Square attack: a query-efficient black-box adversarial attack via random search. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.-M. (eds.) ECCV 2020. LNCS, vol. 12368, pp. 484\u2013501. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58592-1_29"},{"key":"17_CR6","unstructured":"Brown, T.B., Man\u00e9, D., Roy, A., Abadi, M., Gilmer, J.: Adversarial patch. CoRR abs\/1712.09665 (2017)"},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: IEEE Symposium on Security and Privacy 2017, pp. 39\u201357 (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Chen, J., Jordan, M.I., Wainwright, M.J.: HopSkipJumpAttack: a query-efficient decision-based attack. In: IEEE Symposium on Security and Privacy 2020, pp. 1277\u20131294 (2020)","DOI":"10.1109\/SP40000.2020.00045"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Chen, P., Zhang, H., Sharma, Y., Yi, J., Hsieh, C.: Zoo: zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In: Proceedings of the AISec@CCS 2017, pp. 
15\u201326 (2017)","DOI":"10.1145\/3128572.3140448"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Chen, S., Carlini, N., Wagner, D.A.: Stateful detection of black-box adversarial attacks. In: Proceedings of the SPAI 2020, pp. 30\u201339 (2020)","DOI":"10.1145\/3385003.3410925"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database. In: CVPR 2009 (2009)","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Deng, Y., Zheng, J.X., Zhang, T., Chen, C., Lou, G., Kim, M.: An analysis of adversarial attacks and defenses on autonomous driving models. In: PerCom 2020, pp. 1\u201310 (2020)","DOI":"10.1109\/PerCom45495.2020.9127389"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"Dong, Y., Pang, T., Su, H., Zhu, J.: Evading defenses to transferable adversarial examples by translation-invariant attacks. In: Proceedings of the CVPR 2019, pp. 4312\u20134321 (2019)","DOI":"10.1109\/CVPR.2019.00444"},{"key":"17_CR14","unstructured":"Feng, Y., Wu, B., Fan, Y., Li, Z., Xia, S.: Efficient black-box adversarial attack guided by the distribution of adversarial perturbations. CoRR abs\/2006.08538 (2020)"},{"key":"17_CR15","unstructured":"Goodfellow, I., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: ICLR 2015 (2015)"},{"key":"17_CR16","unstructured":"Gu, S., Rigazio, L.: Towards deep neural network architectures robust to adversarial examples. In: ICLR 2015 (2015)"},{"key":"17_CR17","unstructured":"Guo, C., Rana, M., Ciss\u00e9, M., van der Maaten, L.: Countering adversarial images using input transformations. In: ICLR 2018 (2018)"},{"key":"17_CR18","unstructured":"Guo, Y., Yan, Z., Zhang, C.: Subspace attack: Exploiting promising subspaces for query-efficient black-box attacks. 
In: Wallach, H.M., Larochelle, H., Beygelzimer, A., d\u2019Alch\u00e9-Buc, F., Fox, E.B., Garnett, R. (eds.) NeurIPS 2019, pp. 3820\u20133829 (2019)"},{"key":"17_CR19","unstructured":"Huang, Z., Zhang, T.: Black-box adversarial attack with transferable model-based embedding. In: ICLR 2020 (2020)"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Jia, X., Wei, X., Cao, X., Foroosh, H.: ComDefend: an efficient image compression model to defend adversarial examples. In: Proceedings of the CVPR 2019, pp. 6084\u20136092 (2019)","DOI":"10.1109\/CVPR.2019.00624"},{"key":"17_CR21","unstructured":"Kannan, H., Kurakin, A., Goodfellow, I.J.: Adversarial logit pairing (2018)"},{"key":"17_CR22","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images. Technical report, University of Toronto (2009)"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Li, H., Xu, X., Zhang, X., Yang, S., Li, B.: QEBA: query-efficient boundary-based blackbox attack. In: Proceedings of the CVPR 2020, pp. 1218\u20131227 (2020)","DOI":"10.1109\/CVPR42600.2020.00130"},{"key":"17_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"795","DOI":"10.1007\/978-3-030-58621-8_46","volume-title":"Computer Vision \u2013 ECCV 2020","author":"Y Li","year":"2020","unstructured":"Li, Y., Bai, S., Xie, C., Liao, Z., Shen, X., Yuille, A.: Regional homogeneity: towards learning transferable universal adversarial perturbations against defenses. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.-M. (eds.) ECCV 2020. LNCS, vol. 12356, pp. 795\u2013813. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58621-8_46"},{"key":"17_CR25","unstructured":"Lin, J., Song, C., He, K., Wang, L., Hopcroft, J.E.: Nesterov accelerated gradient and scale invariance for adversarial attacks. 
In: ICLR 2020 (2020)"},{"key":"17_CR26","doi-asserted-by":"crossref","unstructured":"Liu, Z., et al.: Feature distillation: DNN-oriented JPEG compression against adversarial examples. In: CVPR 2019, pp. 860\u2013868 (2019)","DOI":"10.1109\/CVPR.2019.00095"},{"key":"17_CR27","unstructured":"Ma, C., Cheng, S., Chen, L., Yong, J.: Switching gradient directions for query-efficient black-box adversarial attacks. CoRR abs\/2009.07191 (2020)"},{"key":"17_CR28","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: ICLR 2018 (2018)"},{"key":"17_CR29","unstructured":"Meunier, L., Atif, J., Teytaud, O.: Yet another but more efficient black-box adversarial attack: tiling and evolution strategies (2019)"},{"key":"17_CR30","unstructured":"Moon, S., An, G., Song, H.O.: Parsimonious black-box adversarial attacks via efficient combinatorial optimization. In: ICML 2019, pp. 4636\u20134645 (2019)"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P.D., Goodfellow, I.J., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. In: Proceedings of the AsiaCCS 2017, pp. 506\u2013519 (2017)","DOI":"10.1145\/3052973.3053009"},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P.D., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: IEEE EuroS&P 2016, pp. 372\u2013387 (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"17_CR33","unstructured":"Rastrigin, L.A.: The convergence of the random search method in the extremal control of many-parameter system. Autom. Remote Control 24(10), 1337\u20131342 (1963). https:\/\/scholar.google.com\/scholar?cluster=1484480983410715230"},{"key":"17_CR34","unstructured":"Shaham, U., et al.: Defending against adversarial images using basis functions transformations. 
CoRR abs\/1803.10840 (2018)"},{"key":"17_CR35","doi-asserted-by":"crossref","unstructured":"Sharif, M., Bhagavatula, S., Bauer, L., Reiter, M.K.: Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of the ACM CCS 2016, pp. 1528\u20131540 (2016)","DOI":"10.1145\/2976749.2978392"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Su, D., Zhang, H., Chen, H., Yi, J., Chen, P., Gao, Y.: Is robustness the cost of accuracy? \u2013 A comprehensive study on the robustness of 18 deep image classification models. In: Ferrari, V., Hebert, M., Sminchisescu, C., Weiss, Y. (eds.) ECCV 2018, pp. 644\u2013661 (2018)","DOI":"10.1007\/978-3-030-01258-8_39"},{"key":"17_CR37","doi-asserted-by":"crossref","unstructured":"Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., Wojna, Z.: Rethinking the inception architecture for computer vision. In: Proceedings of the CVPR 2016, pp. 2818\u20132826 (2016)","DOI":"10.1109\/CVPR.2016.308"},{"key":"17_CR38","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: ICLR 2014 (2014)"},{"key":"17_CR39","doi-asserted-by":"crossref","unstructured":"Tu, C., et al.: Autozoom: autoencoder-based zeroth order optimization method for attacking black-box neural networks. In: Proceedings of the AAAI 2019, pp. 742\u2013749 (2019)","DOI":"10.1609\/aaai.v33i01.3301742"},{"key":"17_CR40","doi-asserted-by":"crossref","unstructured":"Wang, X., He, K.: Enhancing the transferability of adversarial attacks through variance tuning. In: Proceedings of the CVPR 2021, pp. 1924\u20131933 (2021)","DOI":"10.1109\/CVPR46437.2021.00196"},{"key":"17_CR41","unstructured":"Xie, C., Wang, J., Zhang, Z., Ren, Z., Yuille, A.L.: Mitigating adversarial effects through randomization. In: ICLR 2018 (2018)"},{"key":"17_CR42","doi-asserted-by":"crossref","unstructured":"Xie, C., et al.: Improving transferability of adversarial examples with input diversity. In: Proceedings of the CVPR 2019, pp. 
2730\u20132739 (2019)","DOI":"10.1109\/CVPR.2019.00284"},{"key":"17_CR43","doi-asserted-by":"crossref","unstructured":"Xu, W., Evans, D., Qi, Y.: Feature squeezing: detecting adversarial examples in deep neural networks. In: NDSS 2018 (2018)","DOI":"10.14722\/ndss.2018.23198"},{"key":"17_CR44","unstructured":"Yann, L., Corinna, C.: The MNIST database of handwritten digits (1998)"},{"key":"17_CR45","unstructured":"Yatsura, M., Metzen, J.H., Hein, M.: Meta-learning the search distribution of black-box random search based adversarial attacks. CoRR abs\/2111.01714 (2021)"},{"key":"17_CR46","unstructured":"Yin, D., Lopes, R.G., Shlens, J., Cubuk, E.D., Gilmer, J.: A Fourier perspective on model robustness in computer vision. In: NeurIPS 2019, pp. 13255\u201313265 (2019)"},{"key":"17_CR47","doi-asserted-by":"crossref","unstructured":"Zhang, F., Chowdhury, S.P., Christakis, M.: DeepSearch: a simple and effective blackbox attack for deep neural networks. In: Devanbu, P., Cohen, M.B., Zimmermann, T. (eds.) ESEC\/FSE 2020, pp. 800\u2013812 (2020)","DOI":"10.1145\/3368089.3409750"},{"key":"17_CR48","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E.P., Ghaoui, L.E., Jordan, M.I.: Theoretically principled trade-off between robustness and accuracy. 
In: ICML 2019 (2019)"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15777-6_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T17:08:24Z","timestamp":1709831304000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15777-6_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031157769","9783031157776"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15777-6_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"24 August 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}