Skip to main content
SpringerLink
Log in

Strategy and Feasibility Study for the Construction of High Resolution Images Adversarial Against Convolutional Neural Networks

  • Conference paper
  • First Online:
Intelligent Information and Database Systems (ACIIDS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 13757))

Included in the following conference series:

Abstract

Convolutional Neural Networks, that perform image recognition, assess images by first resizing them to their fitting input size. In particular, high resolution images are scaled down, say to \(224 \times 224\) for CNNs trained on ImageNet. So far, existing attacks, that aim at creating an adversarial image that a CNN would misclassify while a human would not notice any difference between the modified and the unmodified image, actually work in the \(224 \times 224\) resized domain and not in the high resolution domain. Indeed, attacking high resolution images directly leads to complex challenges in terms of speed, adversity and visual quality, that make these attacks infeasible in practice. We design an indirect strategy that addresses effectively this issue. It lifts to the high resolution domain any existing attack that works in the CNN’s input size domain. The adversarial noise is of the same size as the original image. We apply this strategy to construct efficiently high resolution adversarial images of good visual quality that fool VGG-16 trained on ImageNet.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abadi, M., et al.: TensorFlow: Large-scale machine learning on heterogeneous systems (2015). https://www.tensorflow.org/software available from tensorflow.org

  2. Agrafiotis, D.: Chapter 9 - video error concealment. In: Theodoridis, S., Chellappa, R. (eds.) Academic Press Library in signal processing, academic press library in signal processing, vol. 5, pp. 295–321. Elsevier (2014). https://doi.org/10.1016/B978-0-12-420149-1.00009-0, https://www.sciencedirect.com/science/article/pii/B9780124201491000090

  3. Baluja, S., Fischer, I.: Adversarial transformation networks: learning to generate adversarial examples. arXiv preprint arXiv:1703.09387 (2017)

  4. Mukherjee, I., Canini, K., Frongillo, R., Singer, Y.: Parallel boosting with momentum. In: Blockeel, H., Kersting, K., Nijssen, S., Železný, F. (eds.) ECML PKDD 2013. LNCS (LNAI), vol. 8190, pp. 17–32. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40994-3_2

    Chapter  Google Scholar 

  5. Blier, L.: A brief report of the heuritech deep learning meetup\(\# 5\) (2016). https://heuritech.wordpress.com/2016/02/29/a-brief-report-of-the-heuritech-deep-learning-meetup-5/

  6. Brendel, W., Rauber, J., Bethge, M.: Decision-based adversarial attacks: reliable attacks against black-box machine learning models. arXiv preprint arXiv:1712.04248 (2017)

  7. Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39–57 IEEE (2017)

    Google Scholar 

  8. Chitic, R., Bernard, N., Leprévost, F.: A proof of concept to deceive humans and machines at image classification with evolutionary algorithms. In: Nguyen, N.T., Jearanaitanakij, K., Selamat, A., Trawiński, B., Chittayasothorn, S. (eds.) ACIIDS 2020. LNCS (LNAI), vol. 12034, pp. 467–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42058-1_39

    Chapter  Google Scholar 

  9. Chitic, R., Leprévost, F., Bernard, N.: Evolutionary algorithms deceive humans and machines at image classification: an extended proof of concept on two scenarios. J. Inf. Telecommun. 5, 1–23 (2020)

    Google Scholar 

  10. Chollet, F., et al.: Keras. https://keras.io (2015)

  11. Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: The ImageNet Image Database (2009). http://image-net.org

  12. Duchon, C.E.: Lanczos filtering in one and two dimensions. J. Appl. Meteorol. Climatol. 18(8), 1016–1022 (1979)

    Article  Google Scholar 

  13. Guo, C., Gardner, J., You, Y., Wilson, A.G., Weinberger, K.: Simple black-box adversarial attacks. In: International Conference on Machine Learning, pp. 2484–2493 PMLR (2019)

    Google Scholar 

  14. Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN. arXiv preprint arXiv:1702.05983 (2017)

  15. Jere, M., Rossi, L., Hitaj, B., Ciocarlie, G., Boracchi, G., Koushanfar, F.: Scratch that! an evolution-based adversarial attack against neural networks. arXiv preprint arXiv:1912.02316 (2019)

  16. Keys, R.: Cubic convolution interpolation for digital image processing. IEEE Trans. Acoust. Speech Sign. Process. 29(6), 1153–1160 (1981)

    Article  MathSciNet  MATH  Google Scholar 

  17. Krizhevsky, A., Nair, V., Hinton, G.: CIFAR-10 (canadian institute for advanced research). http://www.cs.toronto.edu/kriz/cifar.html

  18. Li, X., Orchard, M.T.: New edge-directed interpolation. IEEE Trans. Image Process. 10(10), 1521–1527 (2001)

    Article  Google Scholar 

  19. Oliphant, T.E.: A guide to NumPy. Trelgol Publishing USA (2006)

    Google Scholar 

  20. Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 506–519 (2017)

    Google Scholar 

  21. Parsania, P.S., Virparia, P.V.: A comparative analysis of image interpolation algorithms. Int. J. Adv. Res. Comput. Commun. Eng. 5(1), 29–34 (2016)

    Article  Google Scholar 

  22. Patel, V., Mistree, K.: A review on different image interpolation techniques for image enhancement. Int. J. Emerg. Technol. Adv. Eng. 3(12), 129–133 (2013)

    Google Scholar 

  23. Schulter, S., Leistner, C., Bischof, H.: Fast and accurate image upscaling with super-resolution forests. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (2015)

    Google Scholar 

  24. SpeedyGraphito: Mes 400 Coups. Panoramart (2020)

    Google Scholar 

  25. Szegedy, C., et al.: Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)

  26. Topal, A.O., Chitic, R., Leprévost, F.: One evolutionary algorithm deceives humans and ten convolutional neural networks trained on imagenet at image recognition. (Under review), pp. 67–480 (2022)

    Google Scholar 

  27. Van Rossum, G., Drake, F.L.: Python 3 Reference Manual. CreateSpace, Scotts Valley, CA (2009)

    Google Scholar 

  28. Van der Walt, S., et al.: The scikit-image contributors: scikit-image: image processing in Python. PeerJ 2, (2014). https://doi.org/10.7717/peerj.453

  29. Ye, M., Lyu, D., Chen, G.: Scale-iterative upscaling network for image deblurring. IEEE Access 8, 18316–18325 (2020). https://doi.org/10.1109/ACCESS.2020.2967823

    Article  Google Scholar 

  30. Zhang, X., Wu, X.: Image interpolation by adaptive 2-D autoregressive modeling and soft-decision estimation. IEEE Trans. Image Process. 17(6), 887–896 (2008)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgments

The authors express their gratitude to Speedy Graphito and to Bernard Utudjian for their interest in this work.

Author information

Authors and Affiliations

  1. University of Luxembourg, House of Numbers, 6, Avenue de la Fonte, 4364, Esch-sur-Alzette, Luxembourg

    Franck Leprévost, Ali Osman Topal, Elmir Avdusinovic & Raluca Chitic

Authors
  1. Franck Leprévost
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ali Osman Topal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Elmir Avdusinovic
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Raluca Chitic
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ali Osman Topal .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Ngoc Thanh Nguyen

  2. Vietnam National University, Ho Chi Minh City, Ho Chi Minh City, Vietnam

    Tien Khoa Tran

  3. Al-Farabi Kazakh National University, Almaty, Kazakhstan

    Ualsher Tukayev

  4. National University of Kaohsiung, Kaohsiung, Taiwan

    Tzung-Pei Hong

  5. Wrocław University of Science and Technology, Wrocław, Poland

    Bogdan Trawiński

  6. University of Newcastle, Newcastle, NSW, Australia

    Edward Szczerbicki

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Leprévost, F., Topal, A.O., Avdusinovic, E., Chitic, R. (2022). Strategy and Feasibility Study for the Construction of High Resolution Images Adversarial Against Convolutional Neural Networks. In: Nguyen, N.T., Tran, T.K., Tukayev, U., Hong, TP., Trawiński, B., Szczerbicki, E. (eds) Intelligent Information and Database Systems. ACIIDS 2022. Lecture Notes in Computer Science(), vol 13757. Springer, Cham. https://doi.org/10.1007/978-3-031-21743-2_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-21743-2_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-21742-5

  • Online ISBN: 978-3-031-21743-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation