Showing 1–1 of 1 results for author: Nizar, N J

Leveraging Extracted Model Adversaries for Improved Black Box Attacks

Authors: Naveen Jafer Nizar, Ari Kobren

Abstract: We present a method for adversarial input generation against black box models for reading comprehension based question answering. Our approach is composed of two steps. First, we approximate a victim black box model via model extraction (Krishna et al., 2020). Second, we use our own white box method to generate input perturbations that cause the approximate model to fail. These perturbed inputs ar… ▽ More We present a method for adversarial input generation against black box models for reading comprehension based question answering. Our approach is composed of two steps. First, we approximate a victim black box model via model extraction (Krishna et al., 2020). Second, we use our own white box method to generate input perturbations that cause the approximate model to fail. These perturbed inputs are used against the victim. In experiments we find that our method improves on the efficacy of the AddAny---a white box attack---performed on the approximate model by 25% F1, and the AddSent attack---a black box attack---by 11% F1 (Jia and Liang, 2017). △ Less

Submitted 2 November, 2020; v1 submitted 30 October, 2020; originally announced October 2020.

Journal ref: Analyzing and interpreting neural networks for NLP, 2020