Abstract
Convolutional Neural Networks that perform image recognition assess images by first resizing them to fit their input size. In particular, high resolution images are scaled down, say to \(224 \times 224\) for CNNs trained on ImageNet. So far, existing attacks, which aim at creating an adversarial image that a CNN would misclassify while a human would not notice any difference between the modified and the unmodified image, actually work in the \(224 \times 224\) resized domain and not in the high resolution domain. Indeed, attacking high resolution images directly leads to complex challenges in terms of speed, adversity and visual quality that make these attacks infeasible in practice. We design an indirect strategy that effectively addresses this issue. It lifts to the high resolution domain any existing attack that works in the CNN’s input size domain. The adversarial noise is of the same size as the original image. We apply this strategy to efficiently construct high resolution adversarial images of good visual quality that fool VGG-16 trained on ImageNet.
Acknowledgments
The authors express their gratitude to Speedy Graphito and to Bernard Utudjian for their interest in this work.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Leprévost, F., Topal, A.O., Avdusinovic, E., Chitic, R. (2022). Strategy and Feasibility Study for the Construction of High Resolution Images Adversarial Against Convolutional Neural Networks. In: Nguyen, N.T., Tran, T.K., Tukayev, U., Hong, TP., Trawiński, B., Szczerbicki, E. (eds) Intelligent Information and Database Systems. ACIIDS 2022. Lecture Notes in Computer Science(), vol 13757. Springer, Cham. https://doi.org/10.1007/978-3-031-21743-2_23
DOI: https://doi.org/10.1007/978-3-031-21743-2_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21742-5
Online ISBN: 978-3-031-21743-2
eBook Packages: Computer Science (R0)