Document Type

Article

Publication Date

4-2-2025

Publication Title

IEEE Transactions on Reliability

Volume

74

Issue

3

Pages

3484-3498

Publisher Name

IEEE

Abstract

Deep neural network (DNN) models are susceptible to adversarial samples in white-box and opaqueenvironments. Although previous studies have shown high attack success rates, coupling DNN models with interpretation models could offer a sense of security when a human expert is involved. However, in white-box environments, interpretable deep learning systems (IDLSes) have been shown to be vulnerable to malicious manipulations. As access to the components of IDLSes is limited in opaquesettings, it becomes more challenging for the adversary to fool the system. In this work, we propose a Query-efficient Score-based opaque attack against IDLSes, which requires no knowledge of the target model and its coupled interpretation model. By continuously refining the adversarial samples created based on feedback scores from the IDLS, our approach effectively reduces the number of model queries and navigates the search space to identify perturbations that can fool the system. We evaluate the attack's effectiveness on four convolutional neural network (CNN) models and two interpretation models, using both ImageNet and CIFAR datasets. Our results show that the proposed approach is query-efficient with a high attack success rate that can reach more than 95%, and an average transferability success rate of 69%. We have also demonstrated that our attack is resilient against various preprocessing defense techniques.

Comments

Author Posting © 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The definitive version was published in IEEE Transactions on Reliability, Vol. 74, Iss. 3 (April 2025), https://doi.org/10.1109/TR.2025.3551717.

Available for download on Tuesday, September 01, 2026

Share

COinS