Deep neural networks (DNNs) have achieved great success in image classification, but can be very vulnerable to adversarial attacks with small perturbations to images. To improve adversarial image generation for DNNs, we develop a novel method, called mFI-PSO, which utilizes a Manifold-based First-order Influence measure for vulnerable image and pixel selection and the Particle Swarm Optimization for various objective functions. Our mFI-PSO can thus effectively design adversarial images with flexible, customized options on the number of perturbed pixels, the misclassification probability, and the targeted incorrect class. Experiments demonstrate the flexibility and effectiveness of our mFI-PSO in adversarial attacks and its appealing advantages over some popular methods.
翻译:深神经网络(DNNS)在图像分类方面取得了巨大成功,但极易受到对立攻击,对图像进行小扰动。为了改善 DNS的对抗性图像生成,我们开发了一种新颖的方法,称为MFI-PSO,它使用一种基于多功能的第一阶影响计量方法,用于脆弱图像和像素选择,以及粒子蜂群优化用于各种目标功能。 因此,我们的MFI-PSO可以有效地设计对立图像,对被渗透的像素数量、分类错误的可能性和定向错误的类别采用灵活和定制的选项。 实验显示了我们的MFI-PSO在对抗性攻击中的灵活性和有效性,以及它对一些流行方法的吸引力。
相关内容
微信扫码咨询专知VIP会员