Adversarial attacks have garnered considerable attention due to their profound implications for the secure deployment of robots in sensitive security scenarios. To push for advances in the field, this paper studies adversarial attacks in the black-box setting and proposes an unlabeled-data-driven adversarial attack method, called SemiAdv. Specifically, SemiAdv achieves the following breakthroughs compared with previous work. First, by introducing semi-supervised learning into the adversarial attack, SemiAdv substantially decreases the number of queries required to generate adversarial samples. On average, SemiAdv needs only a few hundred queries to launch an effective attack with a success rate of more than 90%. Second, many existing black-box adversarial attacks require massive amounts of labeled data to reduce the difference between the local substitute model and the remote target model in order to achieve good attack performance, whereas SemiAdv relaxes this limitation and is capable of utilizing unlabeled raw data to launch an effective attack. Finally, our experiments show that SemiAdv saves up to 12x query accesses for generating adversarial samples while maintaining an attack success rate competitive with state-of-the-art attacks.