In recent years, a series of researches have revealed that the Deep Neural Network (DNN) is vulnerable to adversarial attack, and a number of attack methods have been proposed. Among those methods, an extremely sly type of attack named the one-pixel attack can mislead DNNs to misclassify an image via only modifying one pixel of the image, leading to severe security threats to DNN-based information systems. Currently, no method can really detect the one-pixel attack, for which the blank will be filled by this paper. This paper proposes two detection methods, including trigger detection and candidate detection. The trigger detection method analyzes the vulnerability of DNN models and gives the most suspected pixel that is modified by the one-pixel attack. The candidate detection method identifies a set of most suspected pixels using a differential evolution-based heuristic algorithm. The real-data experiments show that the trigger detection method has a detection success rate of 9.1%, and the candidate detection method achieves a detection success rate of 30.1%, which can validate the effectiveness of our methods.

中文翻译：

---

一像素攻击的检测机制

近年来，一系列研究表明，深度神经网络（DNN）容易受到对抗性攻击，因此提出了多种攻击方法。在这些方法中，一种极其狡猾的攻击方式称为“单像素攻击”，它仅通过修改图像的一个像素就可以误导DNN对图像进行错误分类，从而给基于DNN的信息系统带来严重的安全威胁。当前，没有一种方法能够真正检测到单像素攻击，本文将为此填补空白。本文提出了两种检测方法，包括触发检测和候选检测。触发检测方法分析了DNN模型的脆弱性，并给出了最容易被一像素攻击修改的像素。候选检测方法使用基于差分演化的启发式算法来识别一组最可疑像素。实际数据实验表明，触发检测方法的检测成功率为9.1％，候选检测方法的检测成功率为30.1％，可以验证我们方法的有效性。