Latent Geometric Chords for Query-Efficient Decision-Based Adversarial Attacks

from arxiv, Added a conceptual diagram for the LGC architecture, 14 pages, 10 figures, 7 tables. Submitted to IEEE Transactions on Information Forensics and Security. The source code is available at https://github.com/eihmuekhine/Latent-Geometric-Chords

While decision-based black-box adversarial attacks present a severe security threat, current methodologies suffer from fundamental limitations. Pixel-wise attacks frequently introduce unnatural, high-frequency visual artifacts, while latent-space frameworks are confined by the limited search space of low-dimensional manifolds and inherent reconstruction flaws. To resolve these limitations, we propose Latent Geometric Chords (LGC) for Query-Efficient Decision-Based Adversarial Attacks alongside a variant, LGC-H. At its core, LGC navigates decision boundaries by executing a curvature-aware geometric search within a compressed semantic manifold. To guarantee high visual fidelity and circumvent dimensionality bottlenecks, we introduce a Residual-based Adversarial Generation (RAG) mechanism. RAG isolates semantic perturbations as geometric chords and superimposes them directly onto the original source image. RAG substantially resolves baseline reconstruction flaws and effectively doubles the permissible search space dimensions. Experimental results demonstrate that LGC achieves robust cross-dataset transferability and substantially outperforms state-of-the-art baselines. Notably, our method, LGC, minimizes perturbation magnitudes while achieving state-of-the-art visual fidelity--with a Structural Similarity Index Measure (SSIM) exceeding 0.99 and a Learned Perceptual Image Patch Similarity (LPIPS) below 0.01 at 5000 queries--and sustaining high attack success rates under stringent perceptual constraints, successfully compromising adversarially trained robust models. The source code is available at: https://github.com/eihmuekhine/Latent-Geometric-Chords.

翻译：尽管基于决策的黑盒对抗攻击带来了严重的安全威胁，但现有方法存在根本性局限。像素级攻击常引入不自然的高频视觉伪影，而隐空间框架受限于低维流形的狭窄搜索空间及固有重建缺陷。为解决这些局限，我们提出隐式几何弦（LGC）方法及其变体LGC-H，用于高效查询的基于决策的对抗攻击。LGC的核心是在压缩语义流形内执行曲率感知几何搜索以导航决策边界。为确保高视觉保真度并规避维度瓶颈，我们引入基于残差的对抗生成（RAG）机制。RAG将语义扰动分离为几何弦，并直接叠加至原始源图像上，从而显著缓解基线方法的重建缺陷，同时有效将可搜索空间的维度上限提升一倍。实验结果表明，LGC具备鲁棒的跨数据集迁移能力，并显著优于现有基线方法。值得注意的是，我们的方法LGC在最小化扰动幅度的同时实现了当前最优的视觉保真度——在5000次查询下结构相似性指数（SSIM）超过0.99，学习感知图像块相似度（LPIPS）低于0.01——且在严格感知约束下保持高攻击成功率，成功攻破经过对抗训练的鲁棒模型。源代码已开源：https://github.com/eihmuekhine/Latent-Geometric-Chords。