Adversarial machine learning is an emerging area that exposes the vulnerability of deep learning models. Exploring attack methods that challenge state-of-the-art artificial intelligence (A.I.) models is an area of critical concern. With an increasing number of effective adversarial attack methods, the reliability and robustness of such A.I. models are among the major concerns. Classification tasks are a major vulnerable area for adversarial attacks. The majority of attack strategies are developed for colored or gray-scale images. Consequently, adversarial attacks on binary image recognition systems have not been sufficiently studied. Binary images are simple single-channel signals whose pixels take one of two possible values. This simplicity gives binary images a significant advantage over colored and gray-scale images, namely computational efficiency. Moreover, most optical character recognition systems (O.C.R.s), such as handwritten character recognition, plate number identification, and bank check recognition systems, use binary images or binarization in their processing steps. In this paper, we propose a simple yet efficient attack method, Efficient Combinatorial Black-box Adversarial Attack, on binary image classifiers. We validate the efficiency of the attack technique on two different data sets and three classification networks, demonstrating its performance. Furthermore, we compare our proposed method with state-of-the-art methods regarding advantages and disadvantages as well as applicability.