Analysing Adversarial Examples for Deep Learning

Research output: Chapter in Book/Conference paper (Conference paper)

Abstract

The aim of this work is to investigate adversarial examples and look for commonalities and disparities between different adversarial attacks and attacked classifier model behaviours. The research focuses on untargeted, gradient-based attacks. The experiment uses 16 attacks on 4 models and 1000 images. This resulted in 64,000 adversarial examples. The resulting classification predictions of the adversarial examples (adversarial labels) are analysed. It is found that light-weight neural network classifiers are more susceptible to attacks compared to the models with a larger or more complex architecture. It is also observed that similar adversarial attacks against a light-weight model often result in the same adversarial label. Moreover, the attacked models have more influence over the resulting adversarial label as compared to the adversarial attack algorithm itself. These findings are helpful in understanding the intriguing vulnerability of deep learning to adversarial examples.
Original language: English
Title of host publication: Proceedings of the 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications
Editors: Giovanni Maria Farinella, Petia Radeva, Jose Braz, Kadi Bouatouch
Publisher: Scitepress
Pages: 585-592
Number of pages: 8
Volume: 5
ISBN (Print): 978-989-758-488-6
Publication status: Published - 10 Feb 2021
Event: 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Vienna, Austria
Duration: 8 Feb 2021 to 10 Feb 2021

Conference

Conference: 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications
Abbreviated title: VISIGRAPP
Country: Austria
City: Vienna
Period: 8/02/21 to 10/02/21
