Cheating your apps: black-box adversarial attacks on deep learning apps

Cao, H., Li, S., Zhou, Y., Fan, M., Zhao, X. and Tang, Y. (2023) Cheating your apps: black-box adversarial attacks on deep learning apps. Journal of Software: Evolution and Process, (doi: 10.1002/smr.2528) (Early Online Publication)

Full text not currently available from Enlighten.


Deep learning is a powerful technique to boost application performance in various fields, including face recognition, image classification, natural language understanding, and recommendation system. With the rapid increase in the computing power of mobile devices, developers can embed deep learning models into their apps for building more competitive products with more accurate and faster responses. Although there are several works of adversarial attacks against deep learning models in apps, they all need information about the models' internals (i.e., structures and weights) or need to modify the models. In this paper, we propose an effective black-box approach by training substitute models to spoof the deep learning systems inside the apps. We evaluate our approach on 10 real-world deep-learning apps from Google Play to perform black-box adversarial attacks. Through the study, we find three factors that can affect the performance of attacks. Our approach can reach a relatively high attack success rate of 66.60% on average. Compared with other adversarial attacks on mobile deep learning models, in terms of the average attack success rates, our approach outperforms its counterparts by 27.63%.

Item Type:Articles
Additional Information:Funding information: This work is supported by Shanghai Pujiang Program, Science and Technology Commission of Shanghai Municipality No. 1PJ1410700, and National Natural Science Foundation of China No. 62202306.
Status:Early Online Publication
Glasgow Author(s) Enlighten ID:Tang, Dr Yutian
Authors: Cao, H., Li, S., Zhou, Y., Fan, M., Zhao, X., and Tang, Y.
College/School:College of Science and Engineering > School of Computing Science
Journal Name:Journal of Software: Evolution and Process
ISSN (Online):2047-7481
Published Online:01 January 2023

University Staff: Request a correction | Enlighten Editors: Update this record