Showing 1–1 of 1 results for author: Nizar, N J
-
Leveraging Extracted Model Adversaries for Improved Black Box Attacks
Authors:
Naveen Jafer Nizar,
Ari Kobren
Abstract:
We present a method for adversarial input generation against black box models for reading comprehension based question answering. Our approach is composed of two steps. First, we approximate a victim black box model via model extraction (Krishna et al., 2020). Second, we use our own white box method to generate input perturbations that cause the approximate model to fail. These perturbed inputs ar…
▽ More
We present a method for adversarial input generation against black box models for reading comprehension based question answering. Our approach is composed of two steps. First, we approximate a victim black box model via model extraction (Krishna et al., 2020). Second, we use our own white box method to generate input perturbations that cause the approximate model to fail. These perturbed inputs are used against the victim. In experiments we find that our method improves on the efficacy of the AddAny---a white box attack---performed on the approximate model by 25% F1, and the AddSent attack---a black box attack---by 11% F1 (Jia and Liang, 2017).
△ Less
Submitted 2 November, 2020; v1 submitted 30 October, 2020;
originally announced October 2020.