{"title":"进化算法在图像分类上欺骗人类和机器:两个场景下概念的扩展证明","authors":"Raluca Chitic, Franck Leprévost, Nicolas Bernard","doi":"10.1080/24751839.2020.1829388","DOIUrl":null,"url":null,"abstract":"ABSTRACT The range of applications of Neural Networks encompasses image classification. However, Neural Networks are vulnerable to attacks, and may misclassify adversarial images, leading to potentially disastrous consequences. Pursuing some of our previous work, we provide an extended proof of concept of a black-box, targeted, non-parametric attack using evolutionary algorithms to fool both Neural Networks and humans at the task of image classification. Our feasibility study is performed on VGG-16 trained on CIFAR-10. For any category of CIFAR-10, one chooses an image classified by VGG-16 as belonging to . From there, two scenarios are addressed. In the first scenario, a target category is fixed a priori. We construct an evolutionary algorithm that evolves to a modified image that VGG-16 classifies as belonging to . In the second scenario, we construct another evolutionary algorithm that evolves to a modified image that VGG-16 is unable to classify. In both scenarios, the obtained adversarial images remain so close to the original one that a human would likely classify them as still belonging to .","PeriodicalId":32180,"journal":{"name":"Journal of Information and Telecommunication","volume":"5 1","pages":"121 - 143"},"PeriodicalIF":2.7000,"publicationDate":"2020-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/24751839.2020.1829388","citationCount":"4","resultStr":"{\"title\":\"Evolutionary algorithms deceive humans and machines at image classification: an extended proof of concept on two scenarios\",\"authors\":\"Raluca Chitic, Franck Leprévost, Nicolas Bernard\",\"doi\":\"10.1080/24751839.2020.1829388\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT The range of applications of Neural Networks encompasses image classification. However, Neural Networks are vulnerable to attacks, and may misclassify adversarial images, leading to potentially disastrous consequences. Pursuing some of our previous work, we provide an extended proof of concept of a black-box, targeted, non-parametric attack using evolutionary algorithms to fool both Neural Networks and humans at the task of image classification. Our feasibility study is performed on VGG-16 trained on CIFAR-10. For any category of CIFAR-10, one chooses an image classified by VGG-16 as belonging to . From there, two scenarios are addressed. In the first scenario, a target category is fixed a priori. We construct an evolutionary algorithm that evolves to a modified image that VGG-16 classifies as belonging to . In the second scenario, we construct another evolutionary algorithm that evolves to a modified image that VGG-16 is unable to classify. In both scenarios, the obtained adversarial images remain so close to the original one that a human would likely classify them as still belonging to .\",\"PeriodicalId\":32180,\"journal\":{\"name\":\"Journal of Information and Telecommunication\",\"volume\":\"5 1\",\"pages\":\"121 - 143\"},\"PeriodicalIF\":2.7000,\"publicationDate\":\"2020-10-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1080/24751839.2020.1829388\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information and Telecommunication\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/24751839.2020.1829388\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information and Telecommunication","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/24751839.2020.1829388","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Evolutionary algorithms deceive humans and machines at image classification: an extended proof of concept on two scenarios
ABSTRACT The range of applications of Neural Networks encompasses image classification. However, Neural Networks are vulnerable to attacks, and may misclassify adversarial images, leading to potentially disastrous consequences. Pursuing some of our previous work, we provide an extended proof of concept of a black-box, targeted, non-parametric attack using evolutionary algorithms to fool both Neural Networks and humans at the task of image classification. Our feasibility study is performed on VGG-16 trained on CIFAR-10. For any category of CIFAR-10, one chooses an image classified by VGG-16 as belonging to . From there, two scenarios are addressed. In the first scenario, a target category is fixed a priori. We construct an evolutionary algorithm that evolves to a modified image that VGG-16 classifies as belonging to . In the second scenario, we construct another evolutionary algorithm that evolves to a modified image that VGG-16 is unable to classify. In both scenarios, the obtained adversarial images remain so close to the original one that a human would likely classify them as still belonging to .
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
