Pixle: a fast and effective black-box attack based on rearranging pixels
This addresses security vulnerabilities in AI systems for applications like image recognition, but it is incremental as it builds on existing adversarial attack research.
The paper tackles the problem of black-box adversarial attacks on neural networks by proposing a method that rearranges a small number of pixels in images to cause misclassification, achieving a high success rate with minimal iterations and imperceptible changes.
Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.