QueryNet: Attack by Multi-Identity Surrogates. (arXiv:2105.15010v3 [cs.LG] UPDATED)

Deep Neural Networks (DNNs) are acknowledged as vulnerable to adversarial
attacks, while the existing black-box attacks require extensive queries on the
victim DNN to achieve high success rates. For query-efficiency, surrogate
models of the victim are used to generate transferable Adversarial Examples
(AEs) because of their Gradient Similarity (GS), i.e., surrogates' attack
gradients are similar to the victim's ones. However, it is generally neglected
to exploit their similarity on outputs, namely the Prediction Similarity (PS),
to filter out inefficient queries …

arxiv identity