Adversarial attacks to image classification systems using evolutionary algorithms

TL;DR

This paper presents a novel method combining evolutionary algorithms and generative adversarial networks to generate adversarial attacks on image classifiers, demonstrating improved success rates over existing methods in two case studies.

Contribution

It introduces a new approach that explores GAN latent space with evolutionary algorithms to craft effective adversarial examples for image classification systems.

Findings

Success rates up to 35% for handwritten digits

Success rates up to 75% for object images

Outperforms other search methods in effectiveness

Abstract

Image classification currently faces significant security challenges due to adversarial attacks, which consist of intentional alterations designed to deceive classification models based on artificial intelligence. This article explores an approach to generate adversarial attacks against image classifiers using a combination of evolutionary algorithms and generative adversarial networks. The proposed approach explores the latent space of a generative adversarial network with an evolutionary algorithm to find vectors representing adversarial attacks. The approach was evaluated in two case studies corresponding to the classification of handwritten digits and object images. The results showed success rates of up to 35% for handwritten digits, and up to 75% for object images, improving over other search methods and reported results in related works. The applied method proved to be effective in handling data diversity on the target datasets, even in problem instances that presented additional challenges due to the complexity and richness of information.