Threats to Arabic Handwriting Recognition: Investigating Black-Box Adversarial Attacks on embedded ConvNet models
Mohsine EL Khayati, Abdelillah Semma, Abdelaziz Courr, Rachid Elouahbi

TL;DR
This paper reveals that high-performing Arabic handwriting recognition models are highly vulnerable to black-box adversarial attacks, which can almost imperceptibly deceive the models with high success rates.
Contribution
It demonstrates the effectiveness of black-box adversarial attacks on Arabic handwriting recognition models and highlights the need for improved security measures.
Findings
Pixle attack achieves 99-100% success rate
Less aggressive attacks succeed 50-96%
Attacks preserve character structure and are imperceptible
Abstract
Arabic handwriting recognition (AHR) has made significant progress with deep learning models. AHR research has largely focused on performance, with security receiving little attention. This study provides what appears to be a new line of inquiry by demonstrating the vulnerability of high-performing models to adversarial black-box attacks. The focus on black-box attacks reflects real-world scenarios where the attacker has no prior knowledge of the model architecture. Extensive experiments were conducted on two benchmark AHR datasets containing Arabic handwritten characters. Results demonstrated the effectiveness of the attacks, with the Pixle attack achieving an attack success rate of 99-100% on most models. Other, less aggressive attacks achieved success rates of 50-96% across most experiments. Despite the higher attack success rate, the attacks maintain the structural integrity of…
