CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 13039 > Article
Presentation + Paper
7 June 2024 Black box phase-based adversarial attacks on image classifiers
Scott G. Hodes, Kory J. Blose, Timothy J. Kane
Author Affiliations +
Proceedings Volume 13039, Automatic Target Recognition XXXIV; 1303905 (2024) https://doi.org/10.1117/12.3013308
Event: SPIE Defense + Commercial Sensing, 2024, National Harbor, Maryland, United States
Abstract
We propose a new method of utilizing a spatial light modulator to generate adversarial examples against image classifiers within a black box scenario. The method incorporates a simple-shape-focused strategy that queries the target network and estimates the effect of perturbing specific regions of the Fourier plane. This work is an extension of previous work that uses a spatial light modulator to perturb the phase of incoming light to generate adversarial patterns using l2-norm optimization. Our new method simply uses the final logits of the target network, allowing for it to be used not only in “white box” scenarios but also in the information-constrained “black box” scenarios. Our shape-based algorithm is shown to be widely effective on the original dataset benchmark without the requirement of knowledge about the target network architecture. Our experiments explore how manipulating the size, shape, number, and magnitude of the regions tested affects the efficacy and pattern cycles needed to generate a successful attack. Different combinations showed a range of average efficacy between 32% and 63% under a consistent objective function. Our new method also proved to be effective on a smaller dataset (meaning fewer classes for classification to be misdirected towards). We validate our method using a physical setup.
Conference Presentation
(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Scott G. Hodes, Kory J. Blose, and Timothy J. Kane "Black box phase-based adversarial attacks on image classifiers", Proc. SPIE 13039, Automatic Target Recognition XXXIV, 1303905 (7 June 2024); https://doi.org/10.1117/12.3013308
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 20 PAGES + PRESENTATION
DOWNLOAD PAPER SAVE TO MY LIBRARY
WATCH
PRESENTATION
GET CITATION
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Image classification
Neural networks
Spatial light modulators
Fourier optics
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top