Amir F. Mukeri

Work place: AISSMS College of Engineering, Pune, 411001, India

E-mail: mukeriamir@gmail.com

Research Interests: Data Structures and Algorithms, Computing Platform, Network Security, Information Security, Hardware Security, Computer Graphics and Visualization, Autonomic Computing

Biography

Amir F. Mukeri received his Diploma in Computer Engineering from AISSMS Polytechnic, Pune, India, his B.E. degree in Information Technology from P.V.G.'s College of Engineering & Technology, Pune, India, and his M.E. in Computer Engineering from AISSMS’s College of Engineering, Pune, India. He has more than 15 years of experience working in the software products & SaaS industry in the domains of cloud computing, security, data storage and protection, virtualization and IoT in India and the US. He is a member of IEEE & ACM.

Author Articles
Towards Query Efficient and Derivative Free Black Box Adversarial Machine Learning Attack

By Amir F. Mukeri, Dwarkoba P. Gaikwad

DOI: https://doi.org/10.5815/ijigsp.2022.02.02, Pub. Date: 8 Apr. 2022

While deep learning has shown phenomenal success in many critical applications such as autonomous driving and medical diagnosis, it is vulnerable to black box adversarial machine learning attacks. The objective of these attacks is to mislead a classifier into making mistakes. Hard label attacks are those in which an adversary has access only to the top-1 prediction label and has no knowledge about model parameters or gradient loss. Secondly, for security reasons, the number of model queries that an attacker can perform for evaluation is restricted. In this paper, we propose a novel nature-inspired optimization algorithm for generating adversarial examples. The proposed algorithm is a derivative-free, meta-heuristic algorithm. It searches for optimum adversarial examples in high-dimensional image space using simple arithmetic operations inspired by the Brownian motion of molecules in fluids and gases. Experiments with the CIFAR-10 image dataset yielded encouraging results with a query budget of less than 1000 and with minimal distortion to the original image. Its performance was determined to be comparable to, and in some cases to exceed, that of previous state-of-the-art attacks.
