Optimizing One-pixel Black-box Adversarial Attacks
This work addresses the practical usability of adversarial attacks in real-world settings, though it is incremental as it builds upon existing one-pixel attack methods.
The paper tackled the problem of high computational cost in one-pixel black-box adversarial attacks on deep neural networks by optimizing the choice of optimization algorithm and initial search positions, resulting in reduced function calls and significantly increased attack success rates.
The output of Deep Neural Networks (DNN) can be altered by a small perturbation of the input in a black box setting by making multiple calls to the DNN. However, the high computation and time required makes the existing approaches unusable. This work seeks to improve the One-pixel (few-pixel) black-box adversarial attacks to reduce the number of calls to the network under attack. The One-pixel attack uses a non-gradient optimization algorithm to find pixel-level perturbations under the constraint of a fixed number of pixels, which causes the network to predict the wrong label for a given image. We show through experimental results how the choice of the optimization algorithm and initial positions to search can reduce function calls and increase attack success significantly, making the attack more practical in real-world settings.