Adversarial image generation using genetic algorithms with black-box technique

Abstract

Abstract. Convolutional neural networks are a technique that has demonstrated great success in computer vision tasks, such as image classification and object detection. Like any machine learning model, they have limitations and vulnerabilities that must be carefully considered for safe and effective use. One of the main limitations lies in their complexity and the difficulty of interpreting their internal workings, which can be exploited for malicious purposes. The goal of these attacks is to make deliberate changes to the input data in order to deceive the model and cause it to make incorrect decisions. These attacks are known as adversarial attacks. This work focuses on the generation of adversarial images using genetic algorithms for a convolutional neural network trained on the MNIST dataset. Several strategies are employed, including targeted and untargeted attacks, as well as the presentation of interpretable and non-interpretable images that are unrecognizable to humans but are misidentified and confidently classified by the network. The experiment demonstrates the ability to generate adversarial images in a relatively short time, highlighting the vulnerability of neural networks and the ease with which they can be deceived. These results underscore the importance of developing more secure and reliable artificial intelligence systems capable of resisting such attacks. .