Evolutionary algorithms deceive humans and machines at image classification: an extended proof of concept on two scenarios

IF 2.7 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Information and Telecommunication Pub Date : 2020-10-10 DOI:10.1080/24751839.2020.1829388

Raluca Chitic, Franck Leprévost, Nicolas Bernard

{"title":"Evolutionary algorithms deceive humans and machines at image classification: an extended proof of concept on two scenarios","authors":"Raluca Chitic, Franck Leprévost, Nicolas Bernard","doi":"10.1080/24751839.2020.1829388","DOIUrl":null,"url":null,"abstract":"ABSTRACT The range of applications of Neural Networks encompasses image classification. However, Neural Networks are vulnerable to attacks, and may misclassify adversarial images, leading to potentially disastrous consequences. Pursuing some of our previous work, we provide an extended proof of concept of a black-box, targeted, non-parametric attack using evolutionary algorithms to fool both Neural Networks and humans at the task of image classification. Our feasibility study is performed on VGG-16 trained on CIFAR-10. For any category of CIFAR-10, one chooses an image classified by VGG-16 as belonging to . From there, two scenarios are addressed. In the first scenario, a target category is fixed a priori. We construct an evolutionary algorithm that evolves to a modified image that VGG-16 classifies as belonging to . In the second scenario, we construct another evolutionary algorithm that evolves to a modified image that VGG-16 is unable to classify. In both scenarios, the obtained adversarial images remain so close to the original one that a human would likely classify them as still belonging to .","PeriodicalId":32180,"journal":{"name":"Journal of Information and Telecommunication","volume":"5 1","pages":"121 - 143"},"PeriodicalIF":2.7000,"publicationDate":"2020-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/24751839.2020.1829388","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information and Telecommunication","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/24751839.2020.1829388","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 4

Abstract

ABSTRACT The range of applications of Neural Networks encompasses image classification. However, Neural Networks are vulnerable to attacks, and may misclassify adversarial images, leading to potentially disastrous consequences. Pursuing some of our previous work, we provide an extended proof of concept of a black-box, targeted, non-parametric attack using evolutionary algorithms to fool both Neural Networks and humans at the task of image classification. Our feasibility study is performed on VGG-16 trained on CIFAR-10. For any category of CIFAR-10, one chooses an image classified by VGG-16 as belonging to . From there, two scenarios are addressed. In the first scenario, a target category is fixed a priori. We construct an evolutionary algorithm that evolves to a modified image that VGG-16 classifies as belonging to . In the second scenario, we construct another evolutionary algorithm that evolves to a modified image that VGG-16 is unable to classify. In both scenarios, the obtained adversarial images remain so close to the original one that a human would likely classify them as still belonging to .

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

进化算法在图像分类上欺骗人类和机器:两个场景下概念的扩展证明

摘要神经网络的应用范围包括图像分类。然而，神经网络容易受到攻击，可能会对对抗性图像进行错误分类，从而导致潜在的灾难性后果。在我们之前的一些工作的基础上，我们提供了一个扩展的黑匣子、有针对性的非参数攻击的概念证明，使用进化算法来欺骗神经网络和人类进行图像分类。我们对在CIFAR-10上训练的VGG-16进行了可行性研究。对于CIFAR-10的任何类别，可以选择由VGG-16分类为属于的图像。在此基础上，讨论了两种情况。在第一种情况下，目标类别是先验固定的。我们构造了一个进化算法，该算法进化到VGG-16分类为属于的修改图像。在第二种情况下，我们构建了另一种进化算法，该算法进化为VGG-16无法分类的修改图像。在这两种情况下，获得的对抗性图像都与原始图像非常接近，以至于人类可能会将其归类为仍然属于原始图像。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊