{"title":"Implementation and analysis of sparse random search adversarial attack","authors":"Piotr Satała, Krystian Radlak","doi":"10.1109/MMAR55195.2022.9874333","DOIUrl":null,"url":null,"abstract":"Adversarial attacks have shown that deep neural networks can drastically change their output based on a relatively small input perturbation. One of the most promising adversarial attacks is based on random search (RS). RS algorithm iteratively moves the current solution to the better one in the search space, which is sampled from a hypersphere surrounding the current solution. In the case of adversarial attacks, RS randomly modifies a given number of pixels in an input image to change the network's original prediction. This paper presents the implementation and analysis of the Sparse-RS algorithm for adversarial attacks generation. Furthermore, we study and compare several extensions of the original algorithm to improve its effectiveness. In the performed experiments, (1) we analyze the impact of limiting attack search space to the edges of the image and to the most significant pixels indicated by saliency maps, (2) we evaluate the process of greedily minimizing the number of perturbed pixels in a successful attack, (3) we propose a novel schedule to dynamically adjust how many pixels should be replaced in the next iteration.","PeriodicalId":169528,"journal":{"name":"2022 26th International Conference on Methods and Models in Automation and Robotics (MMAR)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 26th International Conference on Methods and Models in Automation and Robotics 
(MMAR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MMAR55195.2022.9874333","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Adversarial attacks have shown that deep neural networks can drastically change their output based on a relatively small input perturbation. One of the most promising adversarial attacks is based on random search (RS). The RS algorithm iteratively moves the current solution to a better one in the search space, which is sampled from a hypersphere surrounding the current solution. In the case of adversarial attacks, RS randomly modifies a given number of pixels in an input image to change the network's original prediction. This paper presents the implementation and analysis of the Sparse-RS algorithm for adversarial attack generation. Furthermore, we study and compare several extensions of the original algorithm to improve its effectiveness. In the performed experiments, (1) we analyze the impact of limiting the attack search space to the edges of the image and to the most significant pixels indicated by saliency maps, (2) we evaluate the process of greedily minimizing the number of perturbed pixels in a successful attack, and (3) we propose a novel schedule to dynamically adjust how many pixels should be replaced in the next iteration.