The one-pixel attack is a curious way of deceiving a neural network classifier by changing only one pixel in the input image. The full potential and boundaries of this attack method are not yet fully understood. In this research, successful and unsuccessful attacks are studied in more detail to illustrate the working mechanisms of a one-pixel attack created using differential evolution. The data comes from our earlier studies, where we applied the attack against medical imaging. We used a real breast cancer tissue dataset and a real classifier as the attack target. This research presents ways to analyze the chromatic and spatial distributions of one-pixel attacks. In addition, we present one-pixel attack confidence maps to illustrate the behavior of the target classifier. We show that the more effective attacks change the color of the pixel more, and that the successful attacks are situated at the center of the images. This kind of analysis is useful not only for understanding the behavior of the attack but also for understanding the qualities of the classifying neural network.