Research Article
Detection Mechanisms of One-Pixel Attack
Algorithm 1 Algorithm of candidate detection method.
| Input: an adversarial image generated by a one-pixel attack, a DNN classifier, and a label set with | | Output: a set of pixels containing candidate victim pixels | | 1: Initialize model with the target DNN model | | 2: Randomly chose pixels from the image, and for each point, randomly set a color as present pixel set | | 3: Calculate the confidence of the image on all labels | | 4: for all each label do | | 5: while true do | | 6: Calculate the change of the confidence on when modifying with parent pixels | | 7: Generate offspring pixels based on Equation (5) | | 8: Calculate the change of confidence on when modifying with offspring pixels | | 9: Select pixels with the highest confidence changed as new parent pixels | | 10: if all top confidences changed on targets are larger than then | | 11: Save the top pixels as candidate victim pixels | | 12: Set | | 13: Break while loop | | 14: end if | | 15: if while loop is over times then | | 16: Break while loop | | 17: end if | | 18: end while | | 19: end for | | 20: if AttackSucc is true then | | 21: return candidate victim pixels | | 22: else | | 23: return fail to find candidates | | 24: end if |
|
Algorithm 1 Algorithm of candidate detection method. |
