Early Directional Commitment for Query-Efficient Black-Box Adversarial Attacks
Opportunistic Target Selection (OTS) is a lightweight wrapper for score-based black-box adversarial attacks that lack implicit target tracking. It runs the attack in untargeted mode for a short exploration phase, then switches to a targeted objective against whichever non-true class currently leads. OTS acts as a margin-loss surrogate: it reduces class drift for probability- or cross-entropy-based random-search attacks without requiring architectural modification, gradient access, or a priori target-class knowledge.
Across three score-based attacks and five standard ImageNet classifiers (4,500 runs), OTS closely tracks oracle targeting on drift-prone attacks, with gains up to +27 pp in success rate and 43% relative reduction in censored-mean iterations on ResNet-50. It is redundant for attacks that already provide directionality, such as Bandits or margin-loss Square Attack, and shows no benefit on adversarially-trained models where the difficulty distribution is bimodal.
See paper/main.tex for the full paper.
src/ Core library
attacks/ Attack implementations (SimBA, SquareAttack, Bandits)
models/ Model loaders (torchvision, RobustBench)
utils/ Image preprocessing & visualization
demo/ Gradio demonstrator app
demo/ Demo entry point
benchmarks/ Benchmark scripts (generate CSV results)
analysis/ Analysis scripts (generate figures from CSVs)
slurm/ HPC job scripts (CRIANN Arctic)
paper/ LaTeX paper
results/ Benchmark CSVs and figures
data/ ImageNet class index and demo images
-
Install dependencies
pip install -r requirements-gpu.txt # With GPU (NVIDIA CUDA) pip install -r requirements-cpu.txt # CPU only
-
Launch the demonstrator
python demo/launch.py
-
Access the interface
Open http://127.0.0.1:7860 in your browser.
| Script | Description |
|---|---|
benchmarks/benchmark.py |
Multi-model benchmark: 5 standard models + 2 robust models, 3 attacks, 3 modes |
benchmarks/winrate.py |
ResNet-50 CDF benchmark: 100 images, 15K budget, bootstrapped CI |
benchmarks/ablation_s.py |
Stability threshold sweep S={2..15} on standard ResNet-50 |
benchmarks/ablation_s_robust.py |
Stability threshold sweep on robust ResNet-50 |
benchmarks/ablation_naive.py |
Naive fixed-iteration switching vs OTS (standard and robust) |
benchmarks/margin.py |
Margin vs CE loss ablation on SquareAttack |
benchmarks/landscape.py |
Per-iteration confidence history collection |
benchmarks/theta.py |
Perturbation alignment with oracle direction |
python benchmarks/benchmark.py
python benchmarks/winrate.pyRegenerate figures from benchmark CSVs:
python analysis/analyze_benchmark.py
python analysis/analyze_winrate.py
python analysis/analyze_ablation_s.py
python analysis/analyze_ablation_naive.py
python analysis/analyze_margin.py
python analysis/analyze_lockmatch.py
python analysis/analyze_oracle_beat.py