Abstract
In the present paper, we propose two new black-box attacks to generate adversarial images. The first proposition is a new version One-pixel attack. It consists at reducing the search space of pixels by segmenting the image at the first stage. Then, a nature-inspired algorithm is applied to find the optimal pixel able to modify the decision of the deep learning model. The second proposition is X-pixel attack introduced to overcome the drawbacks of the One-pixel attack. It consists at firstly construct a large sub-set of potential pixels, then at apply a feature selection approach to optimize it. Many experiments are undertaken with CNN and ResNet learning models on MNIST and CIFAR-10 datasets. Some comparisons are also done with FGSM, PGD and JSMA attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
