mFI-PSO: A Flexible and Effective Method in Adversarial Image Generation for Deep Neural Networks
This addresses the problem of adversarial robustness for image classification systems, but it is incremental as it builds on existing attack methods.
The paper tackled the vulnerability of deep neural networks to adversarial attacks by developing mFI-PSO, a method that generates adversarial images with flexible options on perturbed pixels and misclassification probability, showing effectiveness in experiments.
Deep neural networks (DNNs) have achieved great success in image classification, but can be very vulnerable to adversarial attacks with small perturbations to images. To improve adversarial image generation for DNNs, we develop a novel method, called mFI-PSO, which utilizes a Manifold-based First-order Influence measure for vulnerable image and pixel selection and the Particle Swarm Optimization for various objective functions. Our mFI-PSO can thus effectively design adversarial images with flexible, customized options on the number of perturbed pixels, the misclassification probability, and the targeted incorrect class. Experiments demonstrate the flexibility and effectiveness of our mFI-PSO in adversarial attacks and its appealing advantages over some popular methods.