As cloud computing becomes pervasive, deep learning models are deployed on cloud servers and then provided as APIs to end users. However, black-box adversarial attacks can fool image classification models without access to model structure and weights. Recent studies have reported attack success rates of over 95% with fewer than 1,000 queries. Then the question arises: whether black-box attacks have become a real threat against cloud APIs? To shed some light on this, our research indicates that black-box attacks are not as effective against cloud APIs as proposed in research papers due to several common mistakes that overestimate the efficiency of black-box attacks. To avoid similar mistakes, we conduct black-box attacks directly on cloud APIs rather than local models.
View on arXiv@article{wu2025_2210.16371,
title={ Distributed Black-box Attack: Do Not Overestimate Black-box Attacks },
author={ Han Wu and Sareh Rowlands and Johan Wahlstrom },
journal={arXiv preprint arXiv:2210.16371},
year={ 2025 }
}