Adversarial image generation using genetic algorithms with black-box technique
- Autores
- Pérez, Gabriela Alejandra; Pons, Claudia Fabiana
- Año de publicación
- 2023
- Idioma
- inglés
- Tipo de recurso
- documento de conferencia
- Estado
- versión publicada
- Descripción
- Convolutional neural networks are a technique that has demonstrated great success in computer vision tasks, such as image classification and object detection. Like any machine learning model, they have limitations and vulnerabilities that must be carefully considered for safeand effective use. One of the main limitations lies in their complexity and the difficulty of interpreting their internal workings, which can be exploited for malicious purposes. The goal of these attacks is to make deliberate changes to the input data in order to deceive the model and cause it to make incorrect decisions. These attacks are known as adversarial attacks. This work focuses on the generation of adversarial images using genetic algorithms for a convolutional neural network trained on the MNIST dataset. Several strategies are employed, including targeted and untargeted attacks, as well as the presentation of interpretable and non-interpretable images that are unrecognizable to humans but are misidentified and confidently classified by the network. The experiment demonstrates the ability to generate adversarial images in a relatively short time, highlighting the vulnerability of neural networks and the ease with which they can be deceived. These results underscore the importance of developing more secure and reliable artificial intelligence systems capable of resisting such attacks.
Las redes neuronales convolucionales conforman una tecnica que ha demostrado un gran éxito en tareas de visión artificial, como laclasificación de imágenes y detección de objetos. Como cualquier modelo de aprendizaje automático, tiene limitaciones y vulnerabilidades quedeben ser consideradas cuidadosamente para utilizarlas de manera segura y efectiva. Una de las limitaciones principales se encuentra en sucomplejidad y la dificultad de interpretar su funcionamiento interno, lo que puede ser explotado con fines maliciosos. El objetivo de estos ataquesconsiste en hacer cambios deliberados en la entrada de datos, de forma tal de engañar al modelo y hacer que tome decisiones incorrectas. Estosataques son conocidos como ataques adversarios. Este trabajo se centra en la generación de imágenes adversarias utilizando algoritmos genéticos para una red neuronal convolucional entrenada con el dataset MNIST. Se utilizan varias estrategias incluyendo ataques dirigidos y no dirigidos, así como también se presentan imágenes interpretables y no interpretables, no reconocibles para los humanos, pero que la red identifica y clasifica erróneamente con alta confianza. El experimento muestra la posibilidad de generar imágenes adversarias en un tiempo relativamente corto, lo que pone en evidencia la vulnerabilidad de las redes neuronales y la facilidad con la que pueden ser engañadas. Estos resultados resaltan la importancia de desarrollar sistemas de inteligencia artificial más seguros y confiables, capaces de resistir estos ataques.
Sociedad Argentina de Informática e Investigación Operativa - Materia
-
Ciencias Informáticas
Convolutional Neural Networks
Adversarial Images
Genetic Algorithms - Nivel de accesibilidad
- acceso abierto
- Condiciones de uso
- http://creativecommons.org/licenses/by-nc-sa/4.0/
- Repositorio
.jpg)
- Institución
- Universidad Nacional de La Plata
- OAI Identificador
- oai:sedici.unlp.edu.ar:10915/165930
Ver los metadatos del registro completo
| id |
SEDICI_2a3bd8fa58bae613d98ebf2f05843ccc |
|---|---|
| oai_identifier_str |
oai:sedici.unlp.edu.ar:10915/165930 |
| network_acronym_str |
SEDICI |
| repository_id_str |
1329 |
| network_name_str |
SEDICI (UNLP) |
| spelling |
Adversarial image generation using genetic algorithms with black-box techniquePérez, Gabriela AlejandraPons, Claudia FabianaCiencias InformáticasConvolutional Neural NetworksAdversarial ImagesGenetic AlgorithmsConvolutional neural networks are a technique that has demonstrated great success in computer vision tasks, such as image classification and object detection. Like any machine learning model, they have limitations and vulnerabilities that must be carefully considered for safeand effective use. One of the main limitations lies in their complexity and the difficulty of interpreting their internal workings, which can be exploited for malicious purposes. The goal of these attacks is to make deliberate changes to the input data in order to deceive the model and cause it to make incorrect decisions. These attacks are known as adversarial attacks. This work focuses on the generation of adversarial images using genetic algorithms for a convolutional neural network trained on the MNIST dataset. Several strategies are employed, including targeted and untargeted attacks, as well as the presentation of interpretable and non-interpretable images that are unrecognizable to humans but are misidentified and confidently classified by the network. The experiment demonstrates the ability to generate adversarial images in a relatively short time, highlighting the vulnerability of neural networks and the ease with which they can be deceived. These results underscore the importance of developing more secure and reliable artificial intelligence systems capable of resisting such attacks.Las redes neuronales convolucionales conforman una tecnica que ha demostrado un gran éxito en tareas de visión artificial, como laclasificación de imágenes y detección de objetos. Como cualquier modelo de aprendizaje automático, tiene limitaciones y vulnerabilidades quedeben ser consideradas cuidadosamente para utilizarlas de manera segura y efectiva. Una de las limitaciones principales se encuentra en sucomplejidad y la dificultad de interpretar su funcionamiento interno, lo que puede ser explotado con fines maliciosos. El objetivo de estos ataquesconsiste en hacer cambios deliberados en la entrada de datos, de forma tal de engañar al modelo y hacer que tome decisiones incorrectas. Estosataques son conocidos como ataques adversarios. Este trabajo se centra en la generación de imágenes adversarias utilizando algoritmos genéticos para una red neuronal convolucional entrenada con el dataset MNIST. Se utilizan varias estrategias incluyendo ataques dirigidos y no dirigidos, así como también se presentan imágenes interpretables y no interpretables, no reconocibles para los humanos, pero que la red identifica y clasifica erróneamente con alta confianza. El experimento muestra la posibilidad de generar imágenes adversarias en un tiempo relativamente corto, lo que pone en evidencia la vulnerabilidad de las redes neuronales y la facilidad con la que pueden ser engañadas. Estos resultados resaltan la importancia de desarrollar sistemas de inteligencia artificial más seguros y confiables, capaces de resistir estos ataques.Sociedad Argentina de Informática e Investigación Operativa2023-09info:eu-repo/semantics/conferenceObjectinfo:eu-repo/semantics/publishedVersionObjeto de conferenciahttp://purl.org/coar/resource_type/c_5794info:ar-repo/semantics/documentoDeConferenciaapplication/pdf82-94http://sedici.unlp.edu.ar/handle/10915/165930enginfo:eu-repo/semantics/altIdentifier/url/https://publicaciones.sadio.org.ar/index.php/JAIIO/article/view/670info:eu-repo/semantics/altIdentifier/issn/2451-7496info:eu-repo/semantics/openAccesshttp://creativecommons.org/licenses/by-nc-sa/4.0/Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)reponame:SEDICI (UNLP)instname:Universidad Nacional de La Platainstacron:UNLP2025-10-15T11:35:41Zoai:sedici.unlp.edu.ar:10915/165930Institucionalhttp://sedici.unlp.edu.ar/Universidad públicaNo correspondehttp://sedici.unlp.edu.ar/oai/snrdalira@sedici.unlp.edu.arArgentinaNo correspondeNo correspondeNo correspondeopendoar:13292025-10-15 11:35:42.219SEDICI (UNLP) - Universidad Nacional de La Platafalse |
| dc.title.none.fl_str_mv |
Adversarial image generation using genetic algorithms with black-box technique |
| title |
Adversarial image generation using genetic algorithms with black-box technique |
| spellingShingle |
Adversarial image generation using genetic algorithms with black-box technique Pérez, Gabriela Alejandra Ciencias Informáticas Convolutional Neural Networks Adversarial Images Genetic Algorithms |
| title_short |
Adversarial image generation using genetic algorithms with black-box technique |
| title_full |
Adversarial image generation using genetic algorithms with black-box technique |
| title_fullStr |
Adversarial image generation using genetic algorithms with black-box technique |
| title_full_unstemmed |
Adversarial image generation using genetic algorithms with black-box technique |
| title_sort |
Adversarial image generation using genetic algorithms with black-box technique |
| dc.creator.none.fl_str_mv |
Pérez, Gabriela Alejandra Pons, Claudia Fabiana |
| author |
Pérez, Gabriela Alejandra |
| author_facet |
Pérez, Gabriela Alejandra Pons, Claudia Fabiana |
| author_role |
author |
| author2 |
Pons, Claudia Fabiana |
| author2_role |
author |
| dc.subject.none.fl_str_mv |
Ciencias Informáticas Convolutional Neural Networks Adversarial Images Genetic Algorithms |
| topic |
Ciencias Informáticas Convolutional Neural Networks Adversarial Images Genetic Algorithms |
| dc.description.none.fl_txt_mv |
Convolutional neural networks are a technique that has demonstrated great success in computer vision tasks, such as image classification and object detection. Like any machine learning model, they have limitations and vulnerabilities that must be carefully considered for safeand effective use. One of the main limitations lies in their complexity and the difficulty of interpreting their internal workings, which can be exploited for malicious purposes. The goal of these attacks is to make deliberate changes to the input data in order to deceive the model and cause it to make incorrect decisions. These attacks are known as adversarial attacks. This work focuses on the generation of adversarial images using genetic algorithms for a convolutional neural network trained on the MNIST dataset. Several strategies are employed, including targeted and untargeted attacks, as well as the presentation of interpretable and non-interpretable images that are unrecognizable to humans but are misidentified and confidently classified by the network. The experiment demonstrates the ability to generate adversarial images in a relatively short time, highlighting the vulnerability of neural networks and the ease with which they can be deceived. These results underscore the importance of developing more secure and reliable artificial intelligence systems capable of resisting such attacks. Las redes neuronales convolucionales conforman una tecnica que ha demostrado un gran éxito en tareas de visión artificial, como laclasificación de imágenes y detección de objetos. Como cualquier modelo de aprendizaje automático, tiene limitaciones y vulnerabilidades quedeben ser consideradas cuidadosamente para utilizarlas de manera segura y efectiva. Una de las limitaciones principales se encuentra en sucomplejidad y la dificultad de interpretar su funcionamiento interno, lo que puede ser explotado con fines maliciosos. El objetivo de estos ataquesconsiste en hacer cambios deliberados en la entrada de datos, de forma tal de engañar al modelo y hacer que tome decisiones incorrectas. Estosataques son conocidos como ataques adversarios. Este trabajo se centra en la generación de imágenes adversarias utilizando algoritmos genéticos para una red neuronal convolucional entrenada con el dataset MNIST. Se utilizan varias estrategias incluyendo ataques dirigidos y no dirigidos, así como también se presentan imágenes interpretables y no interpretables, no reconocibles para los humanos, pero que la red identifica y clasifica erróneamente con alta confianza. El experimento muestra la posibilidad de generar imágenes adversarias en un tiempo relativamente corto, lo que pone en evidencia la vulnerabilidad de las redes neuronales y la facilidad con la que pueden ser engañadas. Estos resultados resaltan la importancia de desarrollar sistemas de inteligencia artificial más seguros y confiables, capaces de resistir estos ataques. Sociedad Argentina de Informática e Investigación Operativa |
| description |
Convolutional neural networks are a technique that has demonstrated great success in computer vision tasks, such as image classification and object detection. Like any machine learning model, they have limitations and vulnerabilities that must be carefully considered for safeand effective use. One of the main limitations lies in their complexity and the difficulty of interpreting their internal workings, which can be exploited for malicious purposes. The goal of these attacks is to make deliberate changes to the input data in order to deceive the model and cause it to make incorrect decisions. These attacks are known as adversarial attacks. This work focuses on the generation of adversarial images using genetic algorithms for a convolutional neural network trained on the MNIST dataset. Several strategies are employed, including targeted and untargeted attacks, as well as the presentation of interpretable and non-interpretable images that are unrecognizable to humans but are misidentified and confidently classified by the network. The experiment demonstrates the ability to generate adversarial images in a relatively short time, highlighting the vulnerability of neural networks and the ease with which they can be deceived. These results underscore the importance of developing more secure and reliable artificial intelligence systems capable of resisting such attacks. |
| publishDate |
2023 |
| dc.date.none.fl_str_mv |
2023-09 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/conferenceObject info:eu-repo/semantics/publishedVersion Objeto de conferencia http://purl.org/coar/resource_type/c_5794 info:ar-repo/semantics/documentoDeConferencia |
| format |
conferenceObject |
| status_str |
publishedVersion |
| dc.identifier.none.fl_str_mv |
http://sedici.unlp.edu.ar/handle/10915/165930 |
| url |
http://sedici.unlp.edu.ar/handle/10915/165930 |
| dc.language.none.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/url/https://publicaciones.sadio.org.ar/index.php/JAIIO/article/view/670 info:eu-repo/semantics/altIdentifier/issn/2451-7496 |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
http://creativecommons.org/licenses/by-nc-sa/4.0/ Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) |
| dc.format.none.fl_str_mv |
application/pdf 82-94 |
| dc.source.none.fl_str_mv |
reponame:SEDICI (UNLP) instname:Universidad Nacional de La Plata instacron:UNLP |
| reponame_str |
SEDICI (UNLP) |
| collection |
SEDICI (UNLP) |
| instname_str |
Universidad Nacional de La Plata |
| instacron_str |
UNLP |
| institution |
UNLP |
| repository.name.fl_str_mv |
SEDICI (UNLP) - Universidad Nacional de La Plata |
| repository.mail.fl_str_mv |
alira@sedici.unlp.edu.ar |
| _version_ |
1846064381493772288 |
| score |
13.22299 |