KI-Glossar
Das vollständige Wörterbuch der Künstlichen Intelligenz
Black-Box Attack
Adversarial attack conducted without knowledge of the target model's internal architecture, weights, or hyperparameters. The attacker can only interact with the model's inputs and outputs.
Transfer Attack
Technique where an adversarial example generated against a source model is used to fool a different target model. Exploits the similarity of decision boundaries between models trained on similar data.
Query-Based Attack
Iterative attack method that sends multiple queries to the model to observe its responses and progressively adjust the adversarial example. Limited by the allowed query budget.
Model Extraction
Process aiming to replicate or approximate a proprietary model by systematically querying it. Enables the creation of a substitute model for subsequent attacks.
Decision Inversion Attack
Approach that attempts to reconstruct internal features or training data from the model's decisions. Exploits information leaked by the model's outputs.
Boundary Attack
Attack that focuses on instances close to the target model's decision boundary. Seeks to find the minimum perturbations necessary to change the classification.
Substitute Attack
Strategy consisting of training a local substitute model to mimic the behavior of the target model. The substitute is then used to generate adversarial examples.
Oracle Attack
Method using an external oracle to evaluate attack success when the target model does not provide confidence probabilities. Relies on binary or qualitative responses.
Gradient Approximation Attack
Technique estimating the target model's gradient using finite differences or numerical methods. Enables gradient-based attacks without direct access to gradients.
Differential Evolution Attack
Metaheuristic optimization algorithm using mutation and crossover operators to find adversarial examples. Particularly effective in complex search spaces.
Grid Search Attack
Systematic approach exploring the perturbation space according to a predefined grid. Simple but often inefficient in high dimensions due to the curse of dimensionality.
Bayesian Optimization Attack
Global optimization method building a probabilistic model of the objective function to guide the search for adversarial examples. Effective with a limited query budget.
Reinforcement Learning Attack
Framework where an agent learns to generate adversarial perturbations through interaction with the target model. Formulates the problem as a Markov decision process.
ZOO Attack
Zeroth Order Optimization algorithm applying zero-order optimization to find adversarial examples. Estimates gradients through random coordinate differences.
NES Attack
Natural Evolution Strategy applied to black-box adversarial attacks. Uses gradient estimation through sampling from Gaussian distributions for optimization.
Square Attack
Score-based attack using random square perturbations to evade gradient-based defenses. Particularly effective against randomized models.
Attaque par HopSkipJump
Algorithme d'attaque par décision binaire ne nécessitant qu'un accès à la classe prédite. Utilise une recherche par sauts progressifs vers la frontière de décision.
Attaque par Boundary Attack
Méthode itérative marchant le long de la frontière de décision pour trouver des exemples adversariaux avec perturbation minimale. Ne requiert qu'un accès à la prédiction finale.