Go to MMAR 2022 homepageImplementation and analysis of sparse random search adversarial attack
Abstract: Adversarial attacks have shown that deep neural networks can drastically change their output based on a relatively small input perturbation. One of the most promising adversarial attacks is based on random search (RS). RS algorithm iteratively moves the current solution to the better one in the search space, which is sampled from a hypersphere surrounding the current solution. In the case of adversarial attacks, RS randomly modifies a given number of pixels in an input image to change the network's original prediction. This paper presents the implementation and analysis of the Sparse-RS algorithm for adversarial attacks generation. Furthermore, we study and compare several extensions of the original algorithm to improve its effectiveness. In the performed experiments, (1) we analyze the impact of limiting attack search space to the edges of the image and to the most significant pixels indicated by saliency maps, (2) we evaluate the process of greedily minimizing the number of perturbed pixels in a successful attack, (3) we propose a novel schedule to dynamically adjust how many pixels should be replaced in the next iteration.
0 Replies
Loading