ABSTRACT The range of applications of Neural Networks encompasses image classification. However, Neural Networks are vulnerable to attacks, and may misclassify adversarial images, leading to potentially disastrous consequences. Pursuing some of our previous work, we provide an extended proof of concept of a black-box, targeted, non-parametric attack using evolutionary algorithms to fool both Neural Networks and humans at the task of image classification. Our feasibility study is performed on VGG-16 trained on CIFAR-10. For any category of CIFAR-10, one chooses an image classified by VGG-16 as belonging to . From there, two scenarios are addressed. In the first scenario, a target category is fixed a priori. We construct an evolutionary algorithm that evolves to a modified image that VGG-16 classifies as belonging to . In the second scenario, we construct another evolutionary algorithm that evolves to a modified image that VGG-16 is unable to classify. In both scenarios, the obtained adversarial images remain so close to the original one that a human would likely classify them as still belonging to .
展开▼
