Abstract
The aim of this work is to investigate adversarial examples and to look for commonalities and disparities between different adversarial attacks and the behaviour of the attacked classifier models. The research focuses on untargeted, gradient-based attacks. The experiment applies 16 attacks to 4 models on 1000 images, resulting in 64,000 adversarial examples. The classification predictions for these adversarial examples (adversarial labels) are then analysed. It is found that lightweight neural network classifiers are more susceptible to attacks than models with a larger or more complex architecture. It is also observed that similar adversarial attacks against a lightweight model often result in the same adversarial label. Moreover, the attacked model has more influence over the resulting adversarial label than the adversarial attack algorithm itself. These findings are helpful in understanding the intriguing vulnerability of deep learning to adversarial examples.
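To make the setup concrete, the following is a minimal sketch (not the authors' code) of one untargeted, gradient-based attack (FGSM) and of how the resulting "adversarial label" is read off the attacked classifier. The model choice (torchvision's mobilenet_v2 as a lightweight classifier), the perturbation budget, and the omission of input normalisation are assumptions made purely for illustration.

```python
import torch
import torch.nn.functional as F
from torchvision import models

# Assumed lightweight classifier; any attacked model could be substituted.
model = models.mobilenet_v2(weights=models.MobileNet_V2_Weights.DEFAULT)
model.eval()

def fgsm_untargeted(model, x, y_true, eps=8 / 255):
    """Return an FGSM adversarial example and its predicted (adversarial) label."""
    x_adv = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x_adv), y_true)
    loss.backward()
    # Untargeted attack: step in the direction that increases the loss.
    x_adv = (x_adv + eps * x_adv.grad.sign()).clamp(0, 1).detach()
    adv_label = model(x_adv).argmax(dim=1)
    return x_adv, adv_label

# Usage with a placeholder image in [0, 1]; the study used 1000 real images.
x = torch.rand(1, 3, 224, 224)
y = model(x).argmax(dim=1)          # clean prediction taken as the label
x_adv, adv_label = fgsm_untargeted(model, x, y)
print("clean label:", y.item(), "adversarial label:", adv_label.item())
```

Repeating such a loop over several attack algorithms, models, and images yields the grid of adversarial labels whose commonalities are analysed in the paper.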
Original language | English |
---|---|
Title of host publication | Proceedings of the 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications |
Editors | Giovanni Maria Farinella, Petia Radeva, Jose Braz, Kadi Bouatouch |
Publisher | SciTePress |
Pages | 585-592 |
Number of pages | 8 |
Volume | 5 |
ISBN (Print) | 978-989-758-488-6 |
DOIs | |
Publication status | Published - 10 Feb 2021 |
Event | 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications, Vienna, Austria. Duration: 8 Feb 2021 → 10 Feb 2021 |
Conference
Conference | 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications |
---|---|
Abbreviated title | VISIGRAPP |
Country/Territory | Austria |
City | Vienna |
Period | 8/02/21 → 10/02/21 |