Adversarial machine learning is an active trend in artificial intelligence that attempts to fool deep learning models by causing malfunctions during the prediction of decisions. In this work, we are interested in image classification, and propose a black box for adversarial examples generation which is driven by an optimization algorithm. The main ideas of the used approach are firstly inspired from the steganography principles in which hiding information in image pixels with minimal payload capacity to reduce the distortion between the real image and the adversarial image constitutes a constraint to be respected. In fact, this distance must be sufficient to lead to deceive an already trained classifier. Secondly, the selection of relevant pixels for embedding information bits is mainly done by the optimization algorithm Smell Bees Optimization (SBO). Some investigations are done on Convolutional neural network, Softmax classifier and Residual network, providing good results on both MINST and CIFAR datasets.

对抗性机器学习是人工智能的一个活跃趋势，它试图通过在决策预测过程中造成故障来欺骗深度学习模型。在这项工作中，我们对图像分类感兴趣，并提出了一个由优化算法驱动的用于对抗性示例生成的黑盒。所用方法的主要思想首先受到隐写术原理的启发，其中将信息隐藏在具有最小有效载荷能力的图像像素中以减少真实图像和对抗图像之间的失真构成要遵守的约束。事实上，这个距离必须足以导致欺骗已经训练好的分类器。第二，用于嵌入信息位的相关像素的选择主要由优化算法 Smell Bees Optimization (SBO) 完成。对卷积神经网络、Softmax 分类器和残差网络进行了一些研究，在 MINST 和 CIFAR 数据集上都提供了良好的结果。