
Fooling Deep Neural Networks for Image Classification

Students: Gal Erez and Amit Klein

Supervisor: Prof. Yosef Ben Ezra


Introduction

- Artificial Intelligence (AI) has increased in popularity over the past years.

- At the heart of AI is Deep Learning (DL), a widely used and highly performant subfield inspired by the functions of the brain.

- DL is achieved by using Deep Neural Networks (DNNs) which are able to solve many complicated problems.

- It was recently discovered that DNNs have a crucial vulnerability to adversarial attacks in the form of small perturbations (noise) which are almost imperceptible to the human eye.

Project Rationale & Goals:

- Adversarial attacks have potentially dangerous implications when used on critical applications such as self-driving vehicles.

- Significant knowledge must be gained in order to devise defenses.

- A decision was made to review and test well-known attacks on a state-of-the-art DNN image classifier.

Work Process & Execution

- The software pipeline was implemented in the Python programming language.

- A high-end computer ran the pipeline due to DNNs’ computational demands.

[Figure: simulation flowchart]

Results

[Figures: results]

* The results above are a partial list of the full results.

Summary & Conclusions

- Successful implementation of two different adversarial attacks was achieved on a well-known state-of-the-art DNN.

- Top-1 and top-5 accuracy scores were reduced drastically.

- The perturbation magnitude factor (ε) impacted the tradeoff between perceptibility and accuracy: ε↑ ⇒ Perceptibility↑, Accuracy↓

- A model trained on subsets of a certain archetype, such as vehicles, had an impact on different types of attacks.
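The ε tradeoff stated above can be measured as a robustness sweep. The following is an added example, not the project's code: the page does not name its two attacks or its model, so this assumes a single signed-gradient step against a constructed 16-pixel linear classifier, and every name in it (`W`, `perturb`, `sweep`, the dataset) is hypothetical.

```python
import math
import random

# Constructed toy model: 16 "pixels", alternating weights, no bias (assumption).
W = [1.0 if i % 2 == 0 else -1.0 for i in range(16)]

def score(x):
    return sum(w * xi for w, xi in zip(W, x))

def predict(x):
    return 1 if score(x) >= 0 else -1

def loss_grad(x, y):
    # Gradient w.r.t. the input of the logistic loss log(1 + exp(-y * w.x)).
    coeff = -y / (1.0 + math.exp(y * score(x)))
    return [coeff * w for w in W]

def perturb(x, y, eps):
    # One signed-gradient step of size eps, clipped to the valid pixel range [0, 1].
    # Each pixel moves by at most eps, yet the margin drops by up to eps * sum(|w|).
    g = loss_grad(x, y)
    return [min(1.0, max(0.0, xi + eps * ((gi > 0) - (gi < 0))))
            for xi, gi in zip(x, g)]

def make_dataset(n=200, seed=0):
    # Constructed inputs; labels are the model's own clean predictions,
    # so clean accuracy is 1.0 by construction.
    rng = random.Random(seed)
    xs = [[rng.random() for _ in W] for _ in range(n)]
    return [(x, predict(x)) for x in xs]

def sweep(eps_values, data):
    # For each eps: (eps, accuracy on perturbed inputs, largest per-pixel change).
    rows = []
    for eps in eps_values:
        adv = [(perturb(x, y, eps), x, y) for x, y in data]
        acc = sum(predict(xa) == y for xa, _, y in adv) / len(adv)
        linf = max(max(abs(a - b) for a, b in zip(xa, x)) for xa, x, _ in adv)
        rows.append((eps, acc, linf))
    return rows

if __name__ == "__main__":
    for eps, acc, linf in sweep([0.0, 0.01, 0.05, 0.1, 0.3, 1.0], make_dataset()):
        print(f"eps={eps:<5} accuracy={acc:.2f} max|delta|={linf:.3f}")
```

The largest per-pixel change stands in for perceptibility here; the same sweep run before and after a defense gives a like-for-like comparison.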
