Motivated by zeroth-order optimization, we develop Boundary Attack++, a family of algorithms based on a novel estimate of gradient direction using binary information at the decision boundary.
On the one hand, existing iterative attacks add noises monotonically along the direction of gradient ascent, resulting in a lack of diversity and adaptability of the generated iterative trajectories.
Modern neural networks are highly non-robust against adversarial manipulation.
Adversarial attacks formally correspond to an optimization problem: find a minimum norm image perturbation, constrained to cause misclassification.
Time Series Classification (TSC) problems are encountered in many real life data mining tasks ranging from medicine and security to human activity recognition and food safety.