An Efficient Attention Based Image Adversarial Attack Algorithm with Differential Evolution on Realistic High-Resolution Image

Deep learning methods with convolutional neural network (CNN) have achieved significant success in image classification tasks. Meanwhile, adversarial image attack algorithms are also becoming more effective within low-resolution images. However, in high-resolution images, such algorithms are still lacking a way to balance between efficiency and success rate. In this paper, we proposed an efficient attention-based image adversarial attack algorithm with differential evolution on realistic high-resolution images that make changes negligible to human eye but can achieve great success in deceiving Deep Neural Networks (DNNs) such as LeNet and ResNet. This attention-based algorithm uses the theory of Region of Interest (ROI) in the image and reduce the search area accordingly to maximize the attack accuracy. This paper proposed two image perturbation methods: strike-slip attack and Hue-Saturation-Value (HSV) filter attack, which apply changes universally to a given area of pixels to minimize the visual difference between two adjacent pixels. Then, based on population-based metaheuristic search theory, this paper used differential evolution algorithm to find the optimal attack solution. Finally, this paper compared above two attack methods and evaluate their effectiveness when attacking images of different resolutions.