{"id":222839,"updated":"2025-01-19T13:32:55.200133+00:00","links":{},"created":"2025-01-19T01:22:46.532188+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00222839","sets":["581:10784:10798"]},"path":["10798"],"owner":"44499","recid":"222839","title":["ベイズ最適化を用いたデータ・クエリ効率の良いBlack-box Universal Adversarial Attacks"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-12-15"},"_buckets":{"deposit":"3eaac735-1de0-4ba6-8e86-12fdceb05141"},"_deposit":{"id":"222839","pid":{"type":"depid","value":"222839","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ベイズ最適化を用いたデータ・クエリ効率の良いBlack-box Universal Adversarial Attacks","author_link":["585169","585166","585167","585168"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ベイズ最適化を用いたデータ・クエリ効率の良いBlack-box Universal Adversarial Attacks"},{"subitem_title":"Data and Query Efficient Black-box Universal Adversarial Attacks with Bayesian Optimization","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:持続可能な社会のIT基盤に向けた情報セキュリティとトラスト（特選論文）] black-box universal adversarial attacks，ベイズ最適化，AIセキュリティ","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2022-12-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"茨城大学／現在，株式会社アイヴィス"},{"subitem_text_value":"茨城大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ibaraki University / Presently with IVIS inc.","subitem_text_language":"en"},{"subitem_text_value":"Ibaraki University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/222839/files/IPSJ-JNL6312015.pdf","label":"IPSJ-JNL6312015.pdf"},"date":[{"dateType":"Available","dateValue":"2024-12-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6312015.pdf","filesize":[{"value":"4.9 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"c9533acf-6b7e-4800-a142-893c8c8036d4","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"由比藤, 真"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"米山, 一樹"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Makoto, Yuito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuki, Yoneyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Adversarial AttacksはDeep Neural Network（DNN）における最大の脆弱性の1つである．最近では，Universal Adversarial Perturbation（UAP）と呼ばれる，任意の画像に加えることでAdversarial Examples（AE）を生成することができる単一の摂動を計算するUniversal Adversarial Attacks（UAA）が研究されている．いくつかの既存研究は，クエリアクセスのみを用いるBlack-box環境下でUAPを生成できることを示しているが，その多くは攻撃者にとって現実的ではないセッティングを含んでいる．本稿では，より現実的なセッティングに基づくBlack-box UAAを考え，効率良くUAPを生成するためのベイズ最適化を用いたBlack-box UAA手法を提案する．ImageNetでの実験において，提案手法は少ないデータ量・クエリ回数にもかかわらず，既存手法と同等の攻撃成功率（最高81%）を達成する．また，より多くのAEを生成することを目的とした場合に，提案手法が最先端のAdversarial Attacks手法のクエリ効率を上回ることを示す．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Adversarial attacks are one of the largest vulnerability of deep neural networks. Recently, universal adversarial attacks have also been studied. In the field of universal adversarial attacks, the attacker aims to compute a single perturbation, called universal adversarial perturbation (UAP), which can be added to any input image to produce an adversarial example. Several existing studies have shown that UAPs can be generated in a black-box setting, but most of them involve unrealistic settings for an attacker such as requiring huge amount of training data. We consider a more realistic setting and propose a black-box universal adversarial attack method using bayesian optimization to generate UAPs efficiently. In our experiments on ImageNet dataset, our method achieves the comparable attack success rate (up to 81%) as existing methods, despite the small amount of training data and number of queries. Moreover, we show that our method outperforms the state-of-the-art black-box adversarial attack method in terms of query efficiency when we aim to generate many adversarial examples.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1785","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1776","bibliographicIssueDates":{"bibliographicIssueDate":"2022-12-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"12","bibliographicVolumeNumber":"63"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/00222730","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"44499"}}