One Pixel Attack for Fooling Deep Neural Networks

Su, Jiawei; Vargas, Danilo Vasconcellos; Sakurai, Kouichi

doi:10.1109/tevc.2019.2890858

articleIEEE Transactions on Evolutionary ComputationJan 4, 2019GREEN OA

One Pixel Attack for Fooling Deep Neural Networks

JSJiawei SuDVDanilo Vasconcellos VargasKSKouichi Sakurai

Kyushu University · Advanced Telecommunications Research Institute International

Indexed inarxivcrossref

Abstract

Recent research has revealed that the output of deep neural networks (DNNs) can be easily altered by adding relatively small perturbations to the input vector. In this paper, we analyze an attack in an extremely limited scenario where only one pixel can be modified. For that we propose a novel method for generating one-pixel adversarial perturbations based on differential evolution (DE). It requires less adversarial information (a black-box attack) and can fool more types of networks due to the inherent features of DE. The results show that 67.97% of the natural images in Kaggle CIFAR-10 test dataset and 16.04% of the ImageNet (ILSVRC 2012) test images can be perturbed to at least one target class by modifying…

Citation impact

1,669

total citations

FWCI: 119.84
Percentile: 100%
References: 60

Citations per year

Authors

3

JS
Jiawei SuCorresponding
Kyushu University
DV
Danilo Vasconcellos Vargas
Kyushu University
KS
Kouichi Sakurai
Advanced Telecommunications Research Institute International

Topics & keywords

Topics

Keywords

Adversarial system
Artificial neural network
Deep neural networks
Pixel
Deep learning
Dimension (graph theory)
Class (philosophy)
Domain (mathematical analysis)

No related works found for this paper.