Author
Listed:
- Wonhong Nam
(Department of Computer Science and Engineering, Konkuk University, Seoul 05029, Republic of Korea)
- Kunha Kim
(Department of Computer Science and Engineering, Konkuk University, Seoul 05029, Republic of Korea)
- Hyunwoo Moon
(Department of Computer Science and Engineering, Konkuk University, Seoul 05029, Republic of Korea)
- Hyeongmin Noh
(Department of Computer Science and Engineering, Konkuk University, Seoul 05029, Republic of Korea)
- Jiyeon Park
(Department of Computer Science and Engineering, Konkuk University, Seoul 05029, Republic of Korea)
- Hyunyoung Kil
(Department of Software, Korea Aerospace University, Goyang 10540, Republic of Korea)
Abstract
Recent research has revealed that subtle imperceptible perturbations can deceive well-trained neural network models, leading to inaccurate outcomes. These instances, known as adversarial examples, pose significant threats to the secure application of machine learning techniques in safety-critical systems. In this paper, we delve into the study of one-pixel attacks in deep neural networks, recently reported as a kind of adversarial examples. To identify such one-pixel attacks, most existing methodologies rely on the differential evolution method, which utilizes random selection from the current population to escape local optima. However, the differential evolution technique might waste search time and overlook good solutions if the number of iterations is insufficient. Hence, in this paper, we propose a gradient ascent with momentum approach to efficiently discover good solutions for the one-pixel attack problem. As our method takes a more direct route to the goal compared to existing methods relying on blind random walks, it can effectively identify one-pixel attacks. Our experiments conducted on popular CNNs demonstrate that, in comparison with existing methodologies, our technique can detect one-pixel attacks significantly faster.
Suggested Citation
Wonhong Nam & Kunha Kim & Hyunwoo Moon & Hyeongmin Noh & Jiyeon Park & Hyunyoung Kil, 2024.
"RISOPA: Rapid Imperceptible Strong One-Pixel Attacks in Deep Neural Networks,"
Mathematics, MDPI, vol. 12(7), pages 1-17, April.
Handle:
RePEc:gam:jmathe:v:12:y:2024:i:7:p:1083-:d:1369774
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:12:y:2024:i:7:p:1083-:d:1369774. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.