When George Clooney Is Not George Clooney: Using GenAttack to Deceive Amazon’s and Naver’s Celebrity Recognition APIs - ICT Systems Security and Privacy Protection
Conference Papers Year : 2018

When George Clooney Is Not George Clooney: Using GenAttack to Deceive Amazon’s and Naver’s Celebrity Recognition APIs

Abstract

In recent years, significant advancements have been made in detecting and recognizing contents of images using Deep Neural Networks (DNNs). As a result, many companies offer image recognition APIs for use in diverse applications. However, image classification algorithms trained with DNNs can misclassify adversarial examples, posing a significant threat to critical applications. In this work, we present a novel way to generate adversarial example images using an evolutionary genetic algorithm (GA). Our algorithm builds adversarial images by iteratively adding noise to the original images. Unlike DNN based adversarial example generations by other researchers, our approach does not require GPU resources and access to the target DNNs’ parameters. We design, GenAttack, a simple yet powerful attack algorithm to create adversarial examples using complex celebrity images and evaluate those with real-world celebrity recognition APIs from Amazon and Naver. With our attack, we successfully deceive Amazon’s and Naver’s APIs with a success probability of 86.6% and 100%, respectively. Our work demonstrates the practicability of generating adversarial examples and successfully fooling the state-of-the-art commercial image recognition systems.
Fichier principal
Vignette du fichier
472722_1_En_25_Chapter.pdf (2.7 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-02023746 , version 1 (21-02-2019)

Licence

Identifiers

Cite

Keeyoung Kim, Simon S. Woo. When George Clooney Is Not George Clooney: Using GenAttack to Deceive Amazon’s and Naver’s Celebrity Recognition APIs. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.355-369, ⟨10.1007/978-3-319-99828-2_25⟩. ⟨hal-02023746⟩
209 View
130 Download

Altmetric

Share

More