This repository contains code implementation of the paper "Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks", at USENIX Security 2022. Blacklight is a novel defense that detects query-based black-box attacks using an efficient content-similarity engine developed by researchers at SANDLab, University of Chicago.
Our code is implemented and tested on Python 3.6.9
and the following packages are required.
config==0.5.1
numpy==1.19.5
torchvision==0.11.2
And the Jupyter core packages we use is:
IPython : 7.16.3
ipykernel : 5.5.6
ipywidgets : 7.7.0
jupyter_client : 7.1.2
jupyter_core : 4.9.2
nbclient : 0.5.9
nbconvert : 6.0.7
nbformat : 5.1.3
notebook : 6.4.10
qtconsole : 5.2.2
traitlets : 4.3.3
Please look into the example in example.ipynb
as reference. Please normalize the queries into
@inproceedings{li2022blacklight,
title={Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks},
author={Li, Huiying and Shan, Shawn and Wenger, Emily and Zhang, Jiayun and Zheng, Haitao and Zhao, Ben Y},
journal={Proc. of USENIX Security},
year={2022}
}