Catalogo dei prodotti della ricerca

Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.

Pixle: a fast and effective black-box attack based on rearranging pixels / Pomponi, Jary; Scardapane, Simone; Uncini, Aurelio. - (2022), pp. 1-7. [10.1109/IJCNN55064.2022.9892966].

Pixle: a fast and effective black-box attack based on rearranging pixels

Pomponi, Jary
Primo
;Scardapane, Simone
Secondo
;Uncini, Aurelio
Ultimo
2022

Abstract

Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.
2022
2022 International Joint Conference on Neural Networks (IJCNN)
978-1-7281-8671-9
Adversarial attack ; neural networks; random search; differential evolution
02 Pubblicazione su volume::02a Capitolo o Articolo
Pixle: a fast and effective black-box attack based on rearranging pixels / Pomponi, Jary; Scardapane, Simone; Uncini, Aurelio. - (2022), pp. 1-7. [10.1109/IJCNN55064.2022.9892966].
02a Capitolo o Articolo
File allegati a questo prodotto
File Dimensione Formato  
Pomponi_Rearranging-pixels_2022.pdf

accesso aperto

Note: Articolo completo
Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Creative commons
Dimensione 1.25 MB
Formato Adobe PDF
1.25 MB Adobe PDF

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1656186
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 20
  • ???jsp.display-item.citation.isi??? 6
social impact