Published on

One-pixel attack

Authors

Are you aware of this problem in machine learning?

Image

Imagine changing the value of one pixel in an image and the neural networks predict the image of a horse as 99% frog.

This is totally possible and is called as “one-pixel attack”.

One-pixel attack is a subset of the idea called “adversarial attacks” or “adversarial examples” where we can make a small modification that humans cannot detect to an image and make the neural network misclassify.

In regular adversarial attacks, we can modify any number of pixels by an incredibly small value.

In a one-pixel attack, we can only modify one pixel of the image by as much as we want.

The way we find the pixel whose modification and R, G, B value modification that leads to misclassification is figured out through an algorithm called “differential evolution”.

Differential evolution is similar to genetic algorithm. A few pixels are randomly selected as the parents. The parents mutate and produce “offspring” pixels. If the offspring can increase the loss function or decrease the prediction confidence, then they survive (survival of the fittest). Otherwise, they are discarded (elimination of the unfit).

Evolution is random mutation and non-random selection. We are likely to arrive at the optima, but not guaranteed.

Differential evolution (DE) is so powerful because unlike gradient descent you don’t need a differentiable function. You can apply DE on any function.

Author

AiUTOMATING PEOPLE, ABN ASIA was founded by people with deep roots in academia, with work experience in the US, Holland, Hungary, Japan, South Korea, Singapore, and Vietnam. ABN Asia is where academia and technology meet opportunity. With our cutting-edge solutions and competent software development services, we're helping businesses level up and take on the global scene. Our commitment: Faster. Better. More reliable. In most cases: Cheaper as well.

Feel free to reach out to us whenever you require IT services, digital consulting, off-the-shelf software solutions, or if you'd like to send us requests for proposals (RFPs). You can contact us at [email protected]. We're ready to assist you with all your technology needs.

ABNAsia.org

© ABN ASIA

AbnAsia.org Software

Discuss on TwitterView on GitHub

Share: