Black-Box Buster: A Robust Zero-Shot Transfer-Based Adversarial Attack Method

Recent black-box adversarial attacks can take advantage of transferable adversarial examples generated by a similar substitute model to successfully fool the target model. However, these substitute models are either pre-trained models or trained with the target model's training examples, which is hard to obtain because of the security and privacy of training data. In this paper, we proposed a zero-shot adversarial black-box attack method that can generate high-quality training examples for the substitute models, which are balanced among the classification labels and close to the distribution of the real training examples of the target models. The experiments demonstrate the effectiveness of our method that significantly improves the non-target black-box attack success rate around 20%-30% of the adversarial examples generated by the substitute models.