Journal Article, DOI: 10.1109/TEVC.2019.2890858
One Pixel Attack for Fooling Deep Neural Networks
TL;DR: This paper proposes a novel method for generating one-pixel adversarial perturbations based on differential evolution (DE), which requires less adversarial information (a black-box attack) and can fool more types of networks due to the inherent features of DE.
Abstract: Recent research has revealed that the output of deep neural networks (DNNs) can be easily altered by adding relatively small perturbations to the input vector. In this paper, we analyze an attack in an extremely limited scenario where only one pixel can be modified. For that we propose a novel method for generating one-pixel adversarial perturbations based on differential evolution (DE). It requires less adversarial information (a black-box attack) and can fool more types of networks due to the inherent features of DE. The results show that 67.97% of the natural images in Kaggle CIFAR-10 test dataset and 16.04% of the ImageNet (ILSVRC 2012) test images can be perturbed to at least one target class by modifying just one pixel with 74.03% and 22.91% confidence on average. We also show the same vulnerability on the original CIFAR-10 dataset. Thus, the proposed attack explores a different take on adversarial machine learning in an extreme limited scenario, showing that current DNNs are also vulnerable to such low dimension attacks. Besides, we also illustrate an important application of DE (or broadly speaking, evolutionary computation) in the domain of adversarial machine learning: creating tools that can effectively generate low-cost adversarial attacks against neural networks for evaluating robustness.
Citations
•Posted Content
Weighted-Sampling Audio Adversarial Example Attack
TL;DR: In this article, a weighted sampling method was proposed to generate audio adversarial examples with low noise and high audio robustness at the minute time-consuming level, and a denoising method was applied in the loss function to make the adversarial attack more imperceptible.
Physical Adversarial Attack Meets Computer Vision: A Decade Survey
Hui Wei, Hao Tang, Xuemei Jia, Zhixiang Wang, Hanxun Yu, Zhubo Li, Shin’ichi Satoh, Luc J. Van Gool, Zheng Wang
TL;DR: This survey evaluates the security of Deep Neural Networks (DNNs) in computer vision, focusing on physical adversarial attacks, which can degrade DNNs' performance by incorporating perturbations into input images, and proposes a new evaluation metric, hiPAA.
Hierarchical deployment of deep neural networks based on fog computing inferred acceleration model
Weijin Jiang, Sijian Lv
TL;DR: The proposed hierarchical deployment and inference acceleration model meets the minimum latency and accuracy of neural network inference in multiple fog computing scenarios and greatly reduces the performance occupation and case cost of the cloud under the traditional cloud computing model.
•Posted Content
Revisiting Model's Uncertainty and Confidences for Adversarial Example Detection
TL;DR: In this paper, the authors revisited the model's uncertainty and confidences and proposed a novel unsupervised ensemble AE detection mechanism that uses the uncertainty method called SelectiveNet, which processes model layers outputs, i.e. feature maps, to generate new confidence probabilities.
Robustness Testing for Multi-Agent Reinforcement Learning: State Perturbations on Critical Agents
Ziyuan Zhou, Guanjun Liu
TL;DR: In this paper, the authors proposed a robustness testing framework for multi-agent reinforcement learning (MARL) that attacks states of Critical Agents (RTCA), which has two innovations: a Differential Evolution (DE) based method to select critical agents as victims and to advise the worst-case joint actions on them; and a team cooperation policy evaluation method employed as the objective function for the optimization of DE.
References
•Proceedings Article
Very Deep Convolutional Networks for Large-Scale Image Recognition
Karen Simonyan, Andrew Zisserman
- 04 Sep 2014
TL;DR: This work investigates the effect of the convolutional network depth on its accuracy in the large-scale image recognition setting using an architecture with very small convolution filters, which shows that a significant improvement on the prior-art configurations can be achieved by pushing the depth to 16-19 weight layers.
102.6K
Differential Evolution – A Simple and Efficient Heuristic for Global Optimization over Continuous Spaces
Rainer Storn, Kenneth Price
TL;DR: In this article, a new heuristic approach for minimizing possibly nonlinear and non-differentiable continuous space functions is presented, which requires few control variables, is robust, easy to use, and lends itself very well to parallel computation.
•Dissertation
Learning Multiple Layers of Features from Tiny Images
Alex Krizhevsky
- 01 Jan 2009
TL;DR: In this paper, the authors describe how to train a multi-layer generative model of natural images, using a dataset of millions of tiny colour images, described in the next section.
•Book
Pattern Recognition and Machine Learning
Christopher M. Bishop
- 17 Aug 2006
TL;DR: Probability Distributions, linear models for Regression, Linear Models for Classification, Neural Networks, Graphical Models, Mixture Models and EM, Sampling Methods, Continuous Latent Variables, Sequential Data are studied.
Visualizing and Understanding Convolutional Networks
Matthew D. Zeiler, Rob Fergus
- 06 Sep 2014
TL;DR: A novel visualization technique is introduced that gives insight into the function of intermediate feature layers and the operation of the classifier in large Convolutional Network models, used in a diagnostic role to find model architectures that outperform Krizhevsky et al on the ImageNet classification benchmark.
16.6K
Related Papers (5)
Nicholas Carlini, David Wagner
- 22 May 2017
Kaiming He, Xiangyu Zhang, Shaoqing Ren, Jian Sun
- 27 Jun 2016