Diffusing Defense
Against Black-box Attacks
Black-box attacks pose significant practical, safety, and security risks, using minimal information and practical query budgets to craft adversarial examples. Because these attacks operate in a near-information vacuum, they make effective defenses difficult to develop. We aim for robustness against black-box attacks without compromising performance. Inspired by the cryptographic principles of diffusion and confusion, we propose making predictions with randomly sampled subsets of models drawn from a larger set, which introduces uncertainty into query responses.
1. Model response uncertainty
2. Model diversity
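
A sketch of the random-subset idea, added here as an illustration and not the project's own code. It assumes a fresh subset is drawn for every query and that the chosen models' scores are averaged; the linear scorers, weights, inputs and all names are constructed stand-ins for a pool of diverse trained models.

```python
import random

BASE_WEIGHTS = [1.0, -2.0, 0.5, 1.5]  # constructed weights, not from the page

def make_model(seed, noise=0.2):
    """Constructed stand-in for one diverse model: base scorer plus per-model noise."""
    rng = random.Random(seed)
    return [w + rng.gauss(0, noise) for w in BASE_WEIGHTS]

def score(model, x):
    """Linear decision score of a single model."""
    return sum(w * xi for w, xi in zip(model, x))

class RandomSubsetEnsemble:
    """Answers each query with the mean score of k models sampled from the pool."""

    def __init__(self, models, k, rng=None):
        if not 1 <= k <= len(models):
            raise ValueError("k must be between 1 and the pool size")
        self.models, self.k = list(models), k
        # Assumption: OS-backed randomness so the subset choice is not predictable.
        self.rng = rng if rng is not None else random.SystemRandom()

    def predict_score(self, x):
        chosen = self.rng.sample(self.models, self.k)  # fresh subset per query
        return sum(score(m, x) for m in chosen) / self.k

    def predict(self, x):
        return int(self.predict_score(x) > 0)

def distinct_responses(ensemble, x, repeats=20):
    """Number of different scores the same query receives across repeats."""
    return len({ensemble.predict_score(x) for _ in range(repeats)})

def label_agreement(ensemble, reference, inputs):
    """Fraction of inputs where the sampled ensemble matches the reference label."""
    same = sum(ensemble.predict(x) == reference.predict(x) for x in inputs)
    return same / len(inputs)

if __name__ == "__main__":
    pool = [make_model(seed) for seed in range(10)]
    sampled = RandomSubsetEnsemble(pool, k=3)
    full = RandomSubsetEnsemble(pool, k=len(pool))  # every model votes
    inputs = [[1, 0, 0, 1], [0, 1, 0, 0], [0, 0, 1, 1], [1, 2, 0, 0]]  # constructed
    print("distinct scores for one repeated query:",
          distinct_responses(sampled, inputs[0]))
    print("label agreement with full pool:", label_agreement(sampled, full, inputs))
```

The two helper functions map onto the two list items: `distinct_responses` measures response uncertainty for a repeated query, and `label_agreement` checks that sampling from a diverse pool does not change the predicted labels on these inputs.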
Status:
- In progress