Stealthy Query-Efficient OpaqueAttack Against Interpretable Deep Learning

Document Type

Article

Publication Date

4-2-2025

Publication Title

IEEE Transactions on Reliability

Volume

74

Issue

3

Pages

3484-3498

Publisher Name

IEEE

Abstract

Deep neural network (DNN) models are susceptible to adversarial samples in white-box and opaqueenvironments. Although previous studies have shown high attack success rates, coupling DNN models with interpretation models could offer a sense of security when a human expert is involved. However, in white-box environments, interpretable deep learning systems (IDLSes) have been shown to be vulnerable to malicious manipulations. As access to the components of IDLSes is limited in opaquesettings, it becomes more challenging for the adversary to fool the system. In this work, we propose a Query-efficient Score-based opaque attack against IDLSes, which requires no knowledge of the target model and its coupled interpretation model. By continuously refining the adversarial samples created based on feedback scores from the IDLS, our approach effectively reduces the number of model queries and navigates the search space to identify perturbations that can fool the system. We evaluate the attack's effectiveness on four convolutional neural network (CNN) models and two interpretation models, using both ImageNet and CIFAR datasets. Our results show that the proposed approach is query-efficient with a high attack success rate that can reach more than 95%, and an average transferability success rate of 69%. We have also demonstrated that our attack is resilient against various preprocessing defense techniques.

Identifier

10.1109/TR.2025.3551717

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

Link to Full Text

Share

COinS