Distributed Black-box Attack against Image Classification Cloud Services
Han Wu, Sareh Rowlands, and Johan Wahlstrom
Source Code
Deep Learning Models are vulnerable to Adversarial Attacks
White-box Attacks: fast and efficient.
Black-box Attacks: slow and rely on queries.
- Increasing the attack success rate.
- Reducing the number of queries.
- Reducing the total attack time.
How to accelerate Black-Box attacks?
Cloud APIs are deployed behind a load balancer that distributes the traffic across several servers.
Local Models & Cloud APIs
Most prior research used local models to test black-box attacks.
We launch black-box attacks directly against cloud services.
Attacking Cloud APIs is more challenging than attacking local models
Attacking cloud APIs achieves a lower success rate than attacking local models.
Attacking cloud APIs requires more queries than attacking local models.
DeepAPI - The Cloud API we attack
We open-source our image classification cloud service for research on black-box attacks.
DeepAPI Deployment
Using Docker
$ docker run -p 8080:8080 wuhanstudio/deepapi
Serving on port 8080...
Using Pip
$ pip install deepapi
$ python -m deepapi
Serving on port 8080...
Horizontal Distribution
Horizontal distribution reduces the total attack time by a factor of five.
Vertical Distribution
Vertical distribution achieves successful attacks much earlier.
Conclusion
Thanks