
Attacking convolutional neural network using differential evolution

Abstract:
The output of convolutional neural networks (CNNs) has been shown to be discontinuous, which can make the CNN image classifier vulnerable to small well-tuned artificial perturbation. That is, images modified by conducting such alteration (i.e., adversarial perturbation) that make little difference to human eyes can completely change the CNN classification results. In this paper, we propose a practical attack using differential evolution (DE) for generating effective adversarial perturbations. We comprehensively evaluate the effectiveness of different types of DEs for conducting the attack on different network structures. The proposed method only modifies five pixels (i.e., few-pixel attack), and it is a black-box attack which only requires the miracle feedback of the target CNN systems. The results show that under strict constraints which simultaneously control the number of pixels changed and overall perturbation strength, attacking can achieve 72.29%, 72.30%, and 61.28% non-targeted attack success rates, with 88.68%, 83.63%, and 73.07% confidence on average, on three common types of CNNs. The attack only requires modifying five pixels with 20.44, 14.28, and 22.98 pixel value distortion. Thus, we show that current deep neural networks are also vulnerable to such simpler black-box attacks even under very limited attack conditions.
Author Listing: Jiawei Su;Danilo Vasconcellos Vargas;Kouichi Sakurai
Volume: 11
Pages: 1-16
DOI: 10.1186/s41074-019-0053-3
Language: English
Journal: IPSJ Transactions on Computer Vision and Applications

IPSJ Transactions on Computer Vision and Applications

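Impact factor: 0.0
Review journal: No
Open access: Yes
Warning status: Not on the warning list
First published: -
ISSN: 1882-6695
Publication frequency: -
Indexed in: Scopus
Country/region of publication: -
Publisher: Springer Nature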

About the journal

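Articles per year: -
Articles by Chinese authors: -
Share of articles by Chinese authors: -
Self-citation rate: 0.0%
Average acceptance rate: -
Average review time: -
Article processing charge: -
Main research area: Computer Science-Computer Vision and Pattern Recognition
Journal website: -
Submission link: -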

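Quality indicators

Share of research articles: 0.00%
Share of OA citations: 0.00%
Share of retractions: -
Share of articles corrected after publication: -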

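Warning status

Edition: Warning status
2025 edition (released March 2025): Not on the warning list
2024 edition (released February 2024): Not on the warning list
2023 edition (released January 2023): Not on the warning list
2021 edition (released December 2021): Not on the warning list
2020 edition (released December 2020): Not on the warning list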

JCR quartile. WOS quartile rank: Q0

Edition, By subject, Quartile
WOS journal SCI quartile
(latest edition, 2021-2022)

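Chinese Academy of Sciences (CAS) ranking

Edition, Major subject category, Minor subject category, Top journal, Review journal
No data available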