One Pixel Attack

Has anybody read anything about the one Pixel Attack?

Figure 8 shows a dog apparently, but then they add a pixel to 9 different iterations of the image and it changes the prediction. This is only a 32x32 Pixel image, but is this something anybody here has looked into at all? I am very surprised this happened just because I would think a convolution would make this a non-factor. Mostly just looking for a discussion on this paper and concept.


OpenAI wrote about adversarial examples back in February, but this was their example:


I’m impressed that these authors have gotten some examples down to one pixel. I like their “we’re not trying to be mean” paragraph:

In addition, it is known that investigating the robustness problem of DNN can bring critical clues for understanding the geometrical features of the DNN decision map in high dimensional input space. The results of conducting few-pixels attack contribute quantitative measurements and analysis to the geometrical understanding from a different perspective compared to previous works

Thanks for sharing this.

1 Like

Also very interested in this and would love to know what @jeremy thinks … :slight_smile: Some people are a bit worried about the reputation of deep learning for critical decision making, so I would like to understand how serious this is.
Is there an explanation based on what we have learned? My guess it exploits the fact that convolutional networks works best on continuous data, and if you put in discrete non-linearities suitably placed at a decision boundaries, you could get these effects. But I am just guessing. Also guessing that you could fix it by data augmentation and redundant features.