Deep learning models deployed in safety-critical applications—such as autonomous driving and facial recognition—are vulnerable to black-box adversarial attacks, where attackers lack access to model internals. To address this, we propose a superpixel-based efficient black-box attack method. Unlike conventional rectangular perturbations, our approach leverages superpixels to achieve image-driven, semantically coherent region segmentation, striking an improved balance between color consistency and spatial compactness. We further design a multi-functional search strategy integrated with iterative perturbation optimization, enabling high-quality adversarial example generation without querying model parameters or gradients. Extensive experiments demonstrate that our method achieves an average 2.10% improvement in attack success rate across multiple state-of-the-art defended models, significantly outperforming existing black-box attack baselines. The source code is publicly available.

Deep learning models are used in safety-critical tasks such as automated driving and face recognition. However, small perturbations in the model input can significantly change the predictions. Adversarial attacks are used to identify small perturbations that can lead to misclassifications. More powerful black-box adversarial attacks are required to develop more effective defenses. A promising approach to black-box adversarial attacks is to repeat the process of extracting a specific image area and changing the perturbations added to it. Existing attacks adopt simple rectangles as the areas where perturbations are changed in a single iteration. We propose applying superpixels instead, which achieve a good balance between color variance and compactness. We also propose a new search method, versatile search, and a novel attack method, Superpixel Attack, which applies superpixels and performs versatile search. Superpixel Attack improves attack success rates by an average of 2.10% compared with existing attacks. Most models used in this study are robust against adversarial attacks, and this improvement is significant for black-box adversarial attacks. The code is avilable at https://github.com/oe1307/SuperpixelAttack.git.