Pixle: a fast and effective black-box attack based on rearranging pixels

被引:10
作者
Pomponi, Jary [1 ]
Scardapane, Simone [1 ]
Uncini, Aurelio [1 ]
机构
[1] Sapienza Univ Rome, Dept Informat Engn Elect & Telecommun DIET, Rome, Italy
来源
2022 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN) | 2022年
关键词
Adversarial Attack; Neural Networks; Random Search; Differential Evolution;
D O I
10.1109/IJCNN55064.2022.9892966
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.
引用
收藏
页数:7
相关论文
共 50 条
[31]   A New Meta-learning-based Black-box Adversarial Attack: SA-CC [J].
Ding, Jianyu ;
Chen, Zhiyu .
2022 34TH CHINESE CONTROL AND DECISION CONFERENCE, CCDC, 2022, :4326-4331
[32]   Object-Aware Transfer-Based Black-Box Adversarial Attack on Object Detector [J].
Leng, Zhuo ;
Cheng, Zesen ;
Wei, Pengxu ;
Chen, Jie .
PATTERN RECOGNITION AND COMPUTER VISION, PRCV 2023, PT XII, 2024, 14436 :278-289
[33]   Exploring the vulnerability of black-box adversarial attack on prompt-based learning in language models [J].
Zihao Tan ;
Qingliang Chen ;
Wenbin Zhu ;
Yongjian Huang ;
Chen Liang .
Neural Computing and Applications, 2025, 37 (3) :1457-1473
[34]   Effective Black Box Adversarial Attack with Handcrafted Kernels [J].
Dvoracek, Petr ;
Hurtik, Petr ;
Stevuliakova, Petra .
ADVANCES IN COMPUTATIONAL INTELLIGENCE, IWANN 2023, PT II, 2023, 14135 :169-180
[35]   Superpixel Attack Enhancing Black-Box Adversarial Attack with Image-Driven Division Areas [J].
Oe, Issa ;
Yamamura, Keiichiro ;
Ishikura, Hiroki ;
Hamahira, Ryo ;
Fujisawa, Katsuki .
ADVANCES IN ARTIFICIAL INTELLIGENCE, AI 2023, PT I, 2024, 14471 :141-152
[36]   Universal Black-Box Adversarial Attack on Deep Learning for Specific Emitter Identification [J].
Chen, Kailun ;
Zhang, Yibin ;
Cai, Zhenxin ;
Wang, Yu ;
Ye, Chen ;
Lin, Yun ;
Gui, Guan .
2024 IEEE 99TH VEHICULAR TECHNOLOGY CONFERENCE, VTC2024-SPRING, 2024,
[37]   Boosting Black-Box Attack to Deep Neural Networks With Conditional Diffusion Models [J].
Liu, Renyang ;
Zhou, Wei ;
Zhang, Tianwei ;
Chen, Kangjie ;
Zhao, Jun ;
Lam, Kwok-Yan .
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2024, 19 :5207-5219
[38]   RLVS: A Reinforcement Learning-Based Sparse Adversarial Attack Method for Black-Box Video Recognition [J].
Song, Jianxin ;
Yu, Dan ;
Teng, Hongfei ;
Chen, Yongle .
ELECTRONICS, 2025, 14 (02)
[39]   A Black-Box Adversarial Attack via Deep Reinforcement Learning on the Feature Space [J].
Li, Lyue ;
Rezapour, Amir ;
Tzeng, Wen-Guey .
2021 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING (DSC), 2021,
[40]   Black-Box Adversarial Attack on Graph Neural Networks With Node Voting Mechanism [J].
Wen, Liangliang ;
Liang, Jiye ;
Yao, Kaixuan ;
Wang, Zhiqiang .
IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2024, 36 (10) :5025-5038
12345