[论文阅读笔记]One pixel attack for foo

2020-03-29 本文已影响0人 wangxiaoguang

论文题目：One pixel attack for fooling deep neural networks
论文地址：https://arxiv.org/abs/1710.08864

One-pixel

The goal of adversaries in the case of targeted attacks is to find the optimized solution $e(x)^*$ for the following question:

where

$\mathbf{x}=\left(x_{1}, \cdots, x_{n}\right)$ , n-dimensional inputs
$f$ , the target image classifier
$f_t(\mathbf{x})$ , the probability of $\mathbf{x}$ belonging to the class $t$
$\left(e_{1}, \cdots, e_{n}\right)$ , an additive adversarial perturbation according to $\mathbf{x}$
$adv$ , the target class
$L$ , the limitation of maximum modification