[论文阅读笔记]One pixel attack for fooling deep neural networks

论文题目:One pixel attack for fooling deep neural networks
论文地址:https://arxiv.org/abs/1710.08864

One-pixel

The goal of adversaries in the case of targeted attacks is to find the optimized solution e(x)^* for the following question:

where

  • \mathbf{x}=\left(x_{1}, \cdots, x_{n}\right), n-dimensional inputs
  • f, the target image classifier
  • f_t(\mathbf{x}), the probability of \mathbf{x} belonging to the class t
  • \left(e_{1}, \cdots, e_{n}\right), an additive adversarial perturbation according to \mathbf{x}
  • adv, the target class
  • L, the limitation of maximum modification

In our approach, the equation is slightly different:


where d is a small number. In the case of one-pixel attack d =1.
note: 0范数表示向量中非零元素的个数。

参考

One pixel 对抗攻击_学习笔记
修改一个像素,就能让神经网络识别图像出错
论文阅读笔记三十:One pixel attack for fooling deep neural networks(CVPR2017)

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容