The Noise Blowing-Up Strategy Creates High Quality High Resolution Adversarial Images against Convolutional Neural Networks

Convolutional neural networks (CNNs) serve as powerful tools in computer vision tasks with extensive applications in daily life. However, they are susceptible to adversarial attacks. Still, attacks can be positive for at least two reasons. Firstly, revealing CNNs vulnerabilities prompts efforts to e...

Full description

Saved in:
Bibliographic Details
Published inApplied sciences Vol. 14; no. 8; p. 3493
Main Authors Topal, Ali Osman, Mancellari, Enea, Leprévost, Franck, Avdusinovic, Elmir, Gillet, Thomas
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.04.2024
Subjects
Analysis
black-box attack
Classification
Computational linguistics
convolutional neural network
evolutionary algorithm
Experiments
high-resolution adversarial image
Language processing
Machine vision
Natural language interfaces
Neural networks
noise blowing-up
Germany
Online AccessGet full text

Cover

More Information
Summary:Convolutional neural networks (CNNs) serve as powerful tools in computer vision tasks with extensive applications in daily life. However, they are susceptible to adversarial attacks. Still, attacks can be positive for at least two reasons. Firstly, revealing CNNs vulnerabilities prompts efforts to enhance their robustness. Secondly, adversarial images can also be employed to preserve privacy-sensitive information from CNN-based threat models aiming to extract such data from images. For such applications, the construction of high-resolution adversarial images is mandatory in practice. This paper firstly quantifies the speed, adversity, and visual quality challenges involved in the effective construction of high-resolution adversarial images, secondly provides the operational design of a new strategy, called here the noise blowing-up strategy, working for any attack, any scenario, any CNN, any clean image, thirdly validates the strategy via an extensive series of experiments. We performed experiments with 100 high-resolution clean images, exposing them to seven different attacks against 10 CNNs. Our method achieved an overall average success rate of 75% in the targeted scenario and 64% in the untargeted scenario. We revisited the failed cases: a slight modification of our method led to success rates larger than 98.9%. As of today, the noise blowing-up strategy is the first generic approach that successfully solves all three speed, adversity, and visual quality challenges, and therefore effectively constructs high-resolution adversarial images with high-quality requirements.
ISSN:2076-3417
2076-3417
DOI:10.3390/app14083493