Robin is a DPhil at the University of Oxford working with Yarin Gal (OATML group) and Michael Osborne (BXL group under MLRG). He is interested in Bayesian optimisation and Bayesian deep learning, and especially in their application on AutoML tasks like hyper-parameter tuning and neural architecture search. Robin obtained his undergraduate and masters degree in Engineering Science from University of Oxford and graduated as the top performer in his cohort. He is a Clarendon Scholar.
Black-box adversarial attacks require a large number of attempts before finding successful adversarial examples that are visually indistinguishable from the original input. Current approaches relying on substitute model training, gradient estimation or genetic algorithms often require an excessive number of queries. Therefore, they are not suitable for real-world systems where the maximum query number is limited due to cost. We propose a query-efficient black-box attack which uses Bayesian optimisation in combination with Bayesian model selection to optimise over the adversarial perturbation and the optimal degree of search space dimension reduction. We demonstrate empirically that our method can achieve comparable success rates with 2-5 times fewer queries compared to previous state-of-the-art black-box attacks.
Binxin (Robin) Ru, Adam Cobb, Arno Blaas, Yarin Gal