Semantic-Aware Adaptive Binary Search for Hard-label Black-box Attack
Ma, Yiqing. (2023-05). Semantic-Aware Adaptive Binary Search for Hard-label Black-box Attack. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/ma_idaho_0089n_12625.html
- Title: Semantic-Aware Adaptive Binary Search for Hard-label Black-box Attack
- Author: Ma, Yiqing
- Date: 2023-05
- Keywords: Adversarial attack; Breast Ultrasound; Hard-label attack
- Program: Computer Science
- Subject Category: Computer science
- Abstract:

Breast cancer is a major health concern globally, and early detection is crucial for successful treatment. Breast ultrasound is a widely used imaging modality for the diagnosis of breast cancer. In recent years, numerous studies have explored the use of deep learning for breast cancer classification in ultrasound images. These studies have shown promising results, with deep learning models achieving high levels of accuracy in detecting breast cancer. Despite the widely reported potential of deep neural networks for automated breast tumor classification and detection, these models are vulnerable to adversarial attacks, which can lead to significant performance degradation. In this thesis, I build a novel adversarial attack approach under the decision-based black-box setting, where model details (e.g., architecture and parameters) are inaccessible, and querying the target model only provides the prediction of the final class label (i.e., hard-label attack). The proposed attack approach has two major components: adaptive binary search and semantic-aware search. The adaptive binary search utilizes a coarse-to-fine strategy that applies different tolerance values in different searching stages to reduce unnecessary queries. The proposed semantic mask-aware search crops the search space by using breast anatomy, which significantly avoids invalid searches. The proposed approach is validated using a dataset of 3,378 breast ultrasound images and compared with other state-of-the-art methods by attacking three deep learning models. The results demonstrate that the proposed approach generates imperceptible adversarial samples at a high success rate (99.83%), and it dramatically reduces the average and median queries by 23.96% and 31.79%, respectively, compared with the state-of-the-art.

- Description: masters, M.S., Computer Science -- University of Idaho - College of Graduate Studies, 2023-05
- Major Professor: Xian, Min; Vakanski, Aleksandar
- Committee: Gao, Frank; Soule, Terence
- Defense Date: 2023-05
- Identifier: Ma_idaho_0089N_12625
- Type: Text
- Format Original:
- Format: application/pdf
- Rights: In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
- Standardized Rights: http://rightsstatements.org/vocab/InC-EDU/1.0/