3

Evading Black-box Classifiers Without Breaking Eggs

We propose a new real-world oriented metric for black-box decision-based attacks on security-critical systems

Edoardo Debenedetti, Nicholas Carlini, Florian Tramèr

[Re] Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks

As part of the NeurIPS 2019 Reproducibility Challenge, we chose to attempt to reproduce the attack algorithm proposed in …

Edoardo Debenedetti, Dan Shaked Renous, Faezeh Nassajian