The outstanding performance of deep neural networks has promoted deep learning
applications in a broad set of domains. However, the potential risks caused by adversarial …

Zeroth-order (ZO) optimization is a subset of gradient-free optimization that emerges in many
signal processing and machine learning (ML) applications. It is used for solving optimization …

Abstract We propose the Square Attack, a score-based black-box l_2 l 2-and l_ ∞ l∞-
adversarial attack that does not rely on local gradient information and thus is not affected by …

Deep Learning (DL) algorithms based on artificial neural networks have achieved
remarkable success and are being extensively applied in a variety of application domains …

We study the problem of attacking a machine learning model in the hard-label black-box
setting, where no model information is revealed except that the attacker can make queries to …

Current model extraction attacks assume that the adversary has access to a surrogate
dataset with characteristics similar to the proprietary data used to train the victim model. This …

The prediction accuracy has been the long-lasting and sole standard for comparing the
performance of different image classification models, including the ImageNet competition …

Cyber Physical Systems (CPS) are characterized by their ability to integrate the physical and
information or cyber worlds. Their deployment in critical infrastructure have demonstrated a …

We consider the black-box adversarial setting, where the adversary has to generate
adversarial perturbations without access to the target models to compute gradients. Previous …

Deep Learning algorithms have achieved state-of-the-art performance for Image
Classification. For this reason, they have been used even in security-critical applications …