Vector Quantization Based Query-Efficient Attack via Direct Preference Optimization

This work studies black-box adversarial attacks against deep neural networks, where the attacker only has access to the query feedback from the target model. The current state-of-the-art (SOTA) query-efficient attacks usually combine transfer-based and query-based methods by utilizing the gradient or initializations of surrogate models. However, these strategies typically incur significant computational costs and require a large number of queries during the attack process. In this paper, we propose a novel query-efficient method for generating black-box adversarial perturbations, named Vector Quantization based Query-efficient Adversarial Perturbation generation (VQQAP). Specifically, we propose a Nucleus Sampling based Discretization Module (NSDM) to create diverse adversarial examples in the discrete latent space. To directly optimize the latent vector, we formulate the optimization problem as a direct preference optimization (DPO) problem, and iteratively solve this problem based on the target model feedback. Experimental evaluations demonstrate the effectiveness and efficiency of our method.