Visualizing One Pixel Attack Using Adversarial Maps

Wanyi Wang; Jian Sun; Gang Wang

doi:10.1109/CAC51589.2020.9327603

Visualizing One Pixel Attack Using Adversarial Maps

Wanyi Wang, Jian Sun, Gang Wang

School of Automation

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

One pixel attack is one of the most puzzling adversarial attacks, in which the position of the attack plays an important role. However, little research has been conducted on the distributions of one pixel attack. In this context, a technique called adversarial maps is proposed, which helps visualize the distributions of one pixel attack for the first time. Adversarial maps consist of pixel adversarial maps and probability adversarial maps, which record the pixel changes and the confidence of the target class in successful attack cases, respectively. Leveraging this technique, one pixel attack distributions and why the position of one pixel attack impacts success rate is explored. Adversarial maps reveal that successful attacks always group as regions and the high saliency areas of saliency maps are more likely to be attacked successfully. Moreover, these observations are further corroborated by a mathematical analysis, demonstrating that adversarial attacks are disturbances in the saliency maps.

Original language	English
Title of host publication	Proceedings - 2020 Chinese Automation Congress, CAC 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	924-929
Number of pages	6
ISBN (Electronic)	9781728176871
DOIs	https://doi.org/10.1109/CAC51589.2020.9327603
Publication status	Published - 6 Nov 2020
Event	2020 Chinese Automation Congress, CAC 2020 - Shanghai, China Duration: 6 Nov 2020 → 8 Nov 2020

Publication series

Name	Proceedings - 2020 Chinese Automation Congress, CAC 2020

Conference

Conference	2020 Chinese Automation Congress, CAC 2020
Country/Territory	China
City	Shanghai
Period	6/11/20 → 8/11/20

Keywords

adversarial maps
attack distributions
one pixel attack
saliency maps

Access to Document

10.1109/CAC51589.2020.9327603

Cite this

@inproceedings{5c3ca517801f47d287ba143366ca39af,

title = "Visualizing One Pixel Attack Using Adversarial Maps",

abstract = "One pixel attack is one of the most puzzling adversarial attacks, in which the position of the attack plays an important role. However, little research has been conducted on the distributions of one pixel attack. In this context, a technique called adversarial maps is proposed, which helps visualize the distributions of one pixel attack for the first time. Adversarial maps consist of pixel adversarial maps and probability adversarial maps, which record the pixel changes and the confidence of the target class in successful attack cases, respectively. Leveraging this technique, one pixel attack distributions and why the position of one pixel attack impacts success rate is explored. Adversarial maps reveal that successful attacks always group as regions and the high saliency areas of saliency maps are more likely to be attacked successfully. Moreover, these observations are further corroborated by a mathematical analysis, demonstrating that adversarial attacks are disturbances in the saliency maps.",

keywords = "adversarial maps, attack distributions, one pixel attack, saliency maps",

author = "Wanyi Wang and Jian Sun and Gang Wang",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 Chinese Automation Congress, CAC 2020 ; Conference date: 06-11-2020 Through 08-11-2020",

year = "2020",

month = nov,

day = "6",

doi = "10.1109/CAC51589.2020.9327603",

language = "English",

series = "Proceedings - 2020 Chinese Automation Congress, CAC 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "924--929",

booktitle = "Proceedings - 2020 Chinese Automation Congress, CAC 2020",

address = "United States",

}

Wang, W, Sun, J & Wang, G 2020, Visualizing One Pixel Attack Using Adversarial Maps. in Proceedings - 2020 Chinese Automation Congress, CAC 2020., 9327603, Proceedings - 2020 Chinese Automation Congress, CAC 2020, Institute of Electrical and Electronics Engineers Inc., pp. 924-929, 2020 Chinese Automation Congress, CAC 2020, Shanghai, China, 6/11/20. https://doi.org/10.1109/CAC51589.2020.9327603

Visualizing One Pixel Attack Using Adversarial Maps. / Wang, Wanyi; Sun, Jian ; Wang, Gang.
Proceedings - 2020 Chinese Automation Congress, CAC 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 924-929 9327603 (Proceedings - 2020 Chinese Automation Congress, CAC 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Visualizing One Pixel Attack Using Adversarial Maps

AU - Wang, Wanyi

AU - Sun, Jian

AU - Wang, Gang

PY - 2020/11/6

Y1 - 2020/11/6

N2 - One pixel attack is one of the most puzzling adversarial attacks, in which the position of the attack plays an important role. However, little research has been conducted on the distributions of one pixel attack. In this context, a technique called adversarial maps is proposed, which helps visualize the distributions of one pixel attack for the first time. Adversarial maps consist of pixel adversarial maps and probability adversarial maps, which record the pixel changes and the confidence of the target class in successful attack cases, respectively. Leveraging this technique, one pixel attack distributions and why the position of one pixel attack impacts success rate is explored. Adversarial maps reveal that successful attacks always group as regions and the high saliency areas of saliency maps are more likely to be attacked successfully. Moreover, these observations are further corroborated by a mathematical analysis, demonstrating that adversarial attacks are disturbances in the saliency maps.

AB - One pixel attack is one of the most puzzling adversarial attacks, in which the position of the attack plays an important role. However, little research has been conducted on the distributions of one pixel attack. In this context, a technique called adversarial maps is proposed, which helps visualize the distributions of one pixel attack for the first time. Adversarial maps consist of pixel adversarial maps and probability adversarial maps, which record the pixel changes and the confidence of the target class in successful attack cases, respectively. Leveraging this technique, one pixel attack distributions and why the position of one pixel attack impacts success rate is explored. Adversarial maps reveal that successful attacks always group as regions and the high saliency areas of saliency maps are more likely to be attacked successfully. Moreover, these observations are further corroborated by a mathematical analysis, demonstrating that adversarial attacks are disturbances in the saliency maps.

KW - adversarial maps

KW - attack distributions

KW - one pixel attack

KW - saliency maps

UR - http://www.scopus.com/inward/record.url?scp=85100932494&partnerID=8YFLogxK

U2 - 10.1109/CAC51589.2020.9327603

DO - 10.1109/CAC51589.2020.9327603

M3 - Conference contribution

AN - SCOPUS:85100932494

T3 - Proceedings - 2020 Chinese Automation Congress, CAC 2020

SP - 924

EP - 929

BT - Proceedings - 2020 Chinese Automation Congress, CAC 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2020 Chinese Automation Congress, CAC 2020

Y2 - 6 November 2020 through 8 November 2020

ER -

Visualizing One Pixel Attack Using Adversarial Maps

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this