Adversarial attacks on deep learning

Abstract

Deep learning models, especially convolutional neural networks (CNNs), have made significant progress in the field of image recognition and classification. However, adversarial attacks have emerged as a significant vulnerability, posing threats to the robustness of these models. One notable example is the one-pixel attack, which leads to incorrect predictions just by changing a single pixel, which could lead to potentially serious consequences. This project aims to investigate the efficiency and effectiveness of different search strategies in conducting the one- pixel attacks on black box networks.

Certain adversarial attacks are explored before narrowing down to one pixel attack. This study will further explore the performance of three search algorithms - Genetic Algorithm (GA), Simulated Annealing (SA) and Differential Evolution (DE) - in terms of the computational power used, success rates and convergence speed. The aim of this study is to research on the effects of these algorithms on one pixel attack, hopefully achieving the goal to identify elements that improve the efficiency and efficacy of the one-pixel attack.