Deep neural networks are becoming increasingly popular. However, they are also vulnerable to adversarial attacks. The existing attack methods include white-box attack and black-box attack. The white-box attack assumes full model knowledge while the black-box one assumes none. In this brief, we propose a novel attack method between these two. Specifically, we have made the following contributions: (1) we propose the gray-box attack, which utilizes the side-channel attack to predict the model structure based on a pre-trained classifier and (2) we validate our method on real-world experiments. The experimental results show that our gray-box attack can significantly outperform the existing techniques.

中文翻译：

---

DNN 的侧通道灰盒攻击

深度神经网络正变得越来越流行。然而，它们也容易受到对抗性攻击。现有的攻击方法包括白盒攻击和黑盒攻击。白盒攻击假设有完整的模型知识，而黑盒攻击假设没有。在本文中，我们提出了一种介于两者之间的新型攻击方法。具体来说，我们做出了以下贡献：（1）我们提出了灰盒攻击，它利用侧信道攻击来预测基于预训练分类器的模型结构；（2）我们在真实情况下验证了我们的方法。世界实验。实验结果表明，我们的灰盒攻击可以显着优于现有技术。