Thursday, November 2, 2017

One Pixel Attack For Fooling Deep Neural Networks

It's astounding that you can fool deep neural networks by changing a pixel or two in an image. The worst part is that the images are easily identifiable even after being "altered." I guess computers are going to replace us all just yet...unless they misidentify us and eradicate us all. 😆

The results show that 73.8% of the test images can be crafted to adversarial images with modification just on one pixel with 98.7% confidence on average. In addition, it is known that investigating the robustness problem of DNN can bring critical clues for understanding the geometrical features of the DNN decision map in high dimensional input space. The results of conducting few-pixels attack contribute quantitative measurements and analysis to the geometrical understanding from a different perspective compared to previous works.