Reducing Search Space of Genetic Algorithms for Fast Black Box Attacks on Image Classifiers

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 11793)

Abstract

Recent research regarding the reliability of Deep Neural Networks (DNN) revealed that it is easy to produce images that are completely unrecognizable to humans but that DNNs recognize as classifiable objects with 99.99% confidence. The present study investigates the effect of search space reduction for Genetic Algorithms (GA) on their capability of purposefully fooling DNNs. Therefore, we introduce a GA with respective modifications that is able to fool neural networks trained to classify objects from well-known benchmark image data sets like GTSRB or MNIST. The developed GA is extended and thus capable of reducing the search space without changing its general behavior. Empirical results on MNIST indicate a significantly decreased number of generations needed to satisfy the targeted confidence of an MNIST image classifier (12 instead of 228 generations). Conducted experiments on GTSRB, a more challenging object classification scenario, show similar results. Therefore, fooling DNNs has been found to be not only easily possible but also achievable very fast. Our study thus substantiates an already recognized, potential danger for DNN-based computer vision or object recognition applications.

Notes

  1. https://gi.de/.

  2. Keras CNN Model: https://keras.io/examples/mnist_cnn/.

Author information

Corresponding author

Correspondence to Lukas Hartmann.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Brandl, J., Breinl, N., Demmler, M., Hartmann, L., Hähner, J., Stein, A. (2019). Reducing Search Space of Genetic Algorithms for Fast Black Box Attacks on Image Classifiers. In: Benzmüller, C., Stuckenschmidt, H. (eds) KI 2019: Advances in Artificial Intelligence. KI 2019. Lecture Notes in Computer Science, vol 11793. Springer, Cham. https://doi.org/10.1007/978-3-030-30179-8_9

  • DOI: https://doi.org/10.1007/978-3-030-30179-8_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30178-1

  • Online ISBN: 978-3-030-30179-8

  • eBook Packages: Computer Science, Computer Science (R0)
