Pixle: a fast and effective black-box attack based on rearranging pixels

Pomponi, Jary; Scardapane, Simone; Uncini, Aurelio

doi:10.1109/IJCNN55064.2022.9892966

Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.

Pixle: a fast and effective black-box attack based on rearranging pixels / Pomponi, Jary; Scardapane, Simone; Uncini, Aurelio. - (2022), pp. 1-7. [10.1109/IJCNN55064.2022.9892966].

Pixle: a fast and effective black-box attack based on rearranging pixels

Pomponi, Jary^Primo;Scardapane, Simone^Secondo;Uncini, Aurelio^Ultimo

2022

Abstract

Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.

Scheda breve

Scheda completa

	Anno di pubblicazione
	
				2022
			
	Titolo del volume
	
				2022 International Joint Conference on Neural Networks (IJCNN)
			
	ISBN
	
				978-1-7281-8671-9
			
	Parole chiave
	
				Adversarial attack ; neural networks; random search; differential evolution
			
	Tipologia
	
				02 Pubblicazione su volume::02a Capitolo o Articolo
			
	Citazione
	
				Pixle: a fast and effective black-box attack based on rearranging pixels / Pomponi, Jary; Scardapane, Simone; Uncini, Aurelio. - (2022), pp. 1-7. [10.1109/IJCNN55064.2022.9892966].
			
	Appartiene alla tipologia:
	
				02a Capitolo o Articolo

File allegati a questo prodotto

File	Dimensione	Formato
Pomponi_Rearranging-pixels_2022.pdf accesso aperto Note: Articolo completo Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore) Licenza: Creative commons Dimensione 1.25 MB Formato Adobe PDF	1.25 MB	Adobe PDF

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1656186

Citazioni

ND

20

6

Nome	Dominio	Durata	Descrizione
s_.*	plu.mx	sessione	recupero grafico citazioni sociali da plumx
A_.*	core.ac.uk	7 giorni	recupero pubblicazioni consigliate per il pannello core-recommander
GS_.*	gstatic.com	richiesta http	visualizza grafico citazioni
CC_.*	creativecommons.org	richiesta http	visualizza licenza bitstream

Catalogo dei prodotti della ricerca