AI (Jul 2024)

Dynamic Programming-Based White Box Adversarial Attack for Deep Neural Networks

  • Swati Aggarwal,
  • Anshul Mittal,
  • Sanchit Aggarwal,
  • Anshul Kumar Singh

DOI
https://doi.org/10.3390/ai5030059
Journal volume & issue
Vol. 5, no. 3
pp. 1216 – 1234

Abstract

Read online

Recent studies have exposed the vulnerabilities of deep neural networks to some carefully perturbed input data. We propose a novel untargeted white box adversarial attack, the dynamic programming-based sub-pixel score method (SPSM) attack (DPSPSM), which is a variation of the traditional gradient-based white box adversarial approach that is limited by a fixed hamming distance using a dynamic programming-based structure. It is stimulated using a pixel score metric technique, the SPSM, which is introduced in this paper. In contrast to the conventional gradient-based adversarial attacks, which alter entire images almost imperceptibly, the DPSPSM is swift and offers the robustness of manipulating only a small number of input pixels. The presented algorithm quantizes the gradient update with a score generated for each pixel, incorporating contributions from each channel. The results show that the DPSPSM deceives the model with a success rate of 30.45% in the CIFAR-10 test set and 29.30% in the CIFAR-100 test set.

Keywords