Fooling Deep Neural Networks for Image Classification
Students: Gal Erez and Amit Klein
Supervisor: Prof. Yosef Ben Ezra
Introduction
- Artificial Intelligence (AI) has increased in popularity over the past years.
- At the heart of AI is Deep Learning (DL), a widely used and highly performant subfield inspired by the functions of the brain.
- DL is achieved by using Deep Neural Networks (DNNs) which are able to solve many complicated problems.
- It was recently discovered that DNNs have a crucial vulnerability to adversarial attacks in the form of small perturbations (noises) which are almost imperceptible to the human eye.
Project Rationale & Goals
- Adversarial attacks have potentially dangerous implications when used on critical applications such as self-driving vehicles.
- Significant knowledge must be gained in order to devise defenses.
- A decision was made to review and test well-known attacks on a state-of-the-art DNN image classifier.
Work Process & Execution
- The software pipeline was implemented in the Python programming language.
- A high-end computer ran the pipeline due to DNNs’ computational demands.
Results
* The results above contain a partial list of the full results.
Summary & Conclusions
- Successful implementation of two different adversarial attacks was achieved on a well-known state-of-the-art DNN.
- Top-1 and top-5 accuracy scores were reduced drastically.
- The perturbation magnitude factor (ε) impacted the tradeoff between perceptibility and accuracy: ε↑ ⇒ Perceptibility↑, Accuracy↓
- Training a model on subsets of a certain archetype, such as vehicles, had an impact on different types of attacks.
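The ε tradeoff in the summary can be measured with a robustness sweep. The following is an added example, not the project's pipeline: it assumes a constructed 3-class linear model and a single sign-gradient step as the perturbation (the page does not name its two attacks), and reports top-1 accuracy and the largest per-pixel change for each ε.

```python
import math

# Constructed toy model: 3 classes over a 3-"pixel" input, logits = W @ x.
W = [[4.0, 0.0, 0.0],
     [0.0, 4.0, 0.0],
     [0.0, 0.0, 4.0]]
# Constructed (input, true label) pairs with pixel values in [0, 1].
SAMPLES = [([0.9, 0.1, 0.1], 0), ([0.2, 0.7, 0.3], 1),
           ([0.3, 0.4, 0.6], 2), ([0.55, 0.45, 0.2], 0)]

def logits(x):
    return [sum(w * v for w, v in zip(row, x)) for row in W]

def softmax(z):
    m = max(z)  # subtract the max for numerical stability
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def loss_gradient(x, label):
    """d(cross-entropy)/dx for a linear model: W^T (softmax(Wx) - onehot)."""
    p = softmax(logits(x))
    err = [p[c] - (1.0 if c == label else 0.0) for c in range(len(p))]
    return [sum(err[c] * W[c][j] for c in range(len(W))) for j in range(len(x))]

def perturb(x, label, eps):
    """One sign-gradient step of size eps, clipped to the valid pixel range."""
    g = loss_gradient(x, label)
    sign = [(v > 0) - (v < 0) for v in g]
    return [min(1.0, max(0.0, v + eps * s)) for v, s in zip(x, sign)]

def predict(x):
    z = logits(x)
    return z.index(max(z))

def sweep(eps_values):
    """Return (eps, top-1 accuracy, largest per-pixel change) per epsilon."""
    rows = []
    for eps in eps_values:
        adv = [(perturb(x, y, eps), x, y) for x, y in SAMPLES]
        acc = sum(predict(a) == y for a, _, y in adv) / len(adv)
        linf = max(abs(p - q) for a, x, _ in adv for p, q in zip(a, x))
        rows.append((eps, acc, linf))
    return rows

if __name__ == "__main__":
    for eps, acc, linf in sweep([0.0, 0.06, 0.15, 0.25, 0.5]):
        print(f"eps={eps:<5} top-1={acc:.2f} max pixel change={linf:.2f}")
```

Each constructed sample is misclassified once 2ε exceeds its margin between the true class and the runner-up, so accuracy falls stepwise as ε grows while the per-pixel change stays equal to ε.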