jeonggunlee/DnnAttack

Attack a Deep Neural Network

DnnAttack: One pixel attack

One pixel attack for a Deep Neural Network

• Paper

  • One pixel attack for fooling deep neural networks
  • Abstract: Recent research has revealed that the output of Deep Neural Networks (DNN) can be easily altered by adding relatively small perturbations to the input vector. In this paper, we analyze an attack in an extremely limited scenario where only one pixel can be modified. For that we propose a novel method for generating one-pixel adversarial perturbations based on differential evolution (DE). It requires less adversarial information (a black-box attack) and can fool more types of networks due to the inherent features of DE. The results show that 67.97% of the natural images in Kaggle CIFAR-10 test dataset and 16.04% of the ImageNet (ILSVRC 2012) test images can be perturbed to at least one target class by modifying just one pixel with 74.03% and 22.91% confidence on average. We also show the same vulnerability on the original CIFAR-10 dataset. Thus, the proposed attack explores a different take on adversarial machine learning in an extreme limited scenario, showing that current DNNs are also vulnerable to such low dimension attacks. Besides, we also illustrate an important application of DE (or broadly speaking, evolutionary computation) in the domain of adversarial machine learning: creating tools that can effectively generate low-cost adversarial attacks against neural networks for evaluating robustness.
  • Understanding the One-Pixel Attack: Propagation Maps and Locality Analysis

• Youtube

  • One Pixel Attack | Lecture 24 (Part 2) | Applied Deep Learning
  • One Pixel Attack Defeats Neural Networks | Two Minute Papers, Simple Explanation
  • One Pixel Attack by Big Data Analytics and Management Lab at UT Dallas
  • Adversarial Examples for Deep Neural Networks
    • From Northeastern University's CS 7150 Summer 2020 class on Deep Learning, taught by Paul Hand.
  • J. Z. Kolter and A. Madry: Adversarial Robustness - Theory and Practice (NeurIPS 2018 Tutorial)
  • A New Perspective on Adversarial Perturbations
    • Aleksander Madry (MIT), https://simons.berkeley.edu/talks/tbd-57, Frontiers of Deep Learning
  • 한국어: [Paper Review] Toward Deep Learning Models Resistant to Adversarial Attack
  • Lec 12 : Differential Evolution
  • Working Example of Differential Evolution (DE) Algorithm

• Source

  • Keras Version
  • Pytorch Version
  • Pytorch Attack LIBRARY

• A tutorial on Differential Evolution with Python

  • https://pablormier.github.io/2017/09/05/a-tutorial-on-differential-evolution-with-python/