A gradient-based algorithm to deceive deep neural networks

Abstract

Deep neural networks have achieved high performance in a variety of image recognition tasks. However, it is reported that the performance on image recognition of these networks is unstable to slight perturbations of images. To verify this weakness, we propose DeceiveDeep, a gradient-based algorithm for deceiving deep neural networks in this paper. There exists a lot of gradient-based attack methods, such as the L-BFGS, FGSM, and Deepfool. Specifically, based on an original method, L-BFGS, we exploit the Euclid norm of the gradient to update the space vector in an image to generate a deceivable image for fooling deep neural networks. We construct three types of deep neural network models and one convolutional neural network for testing the proposed algorithm. Based on the MNIST dataset and the Fashion-MNIST dataset, we evaluate the effectiveness of DeceiveDeep in terms of accuracy on training and testing data, and CNN model, respectively. The experimental results show that, comparing with L-BFGS, DeceiveDeep dramatically decreases the accuracy of the deep models on image recognition.