Defence on unrestricted adversarial examples
Deep neural networks in image classification have gained popularity in recent years, and as such, have also become the target of attacks. Adversarial samples are inputs crafted to fool neural networks into misclassification. They come in two forms: one is created by adding specific perturbatio...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/149008 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-149008 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1490082021-05-24T12:24:16Z Defence on unrestricted adversarial examples Chan, Jarod Yan Cheng Jun Zhao School of Computer Science and Engineering junzhao@ntu.edu.sg Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Deep neural networks in image classification have gained popularity in recent years, and as such, have also become the target of attacks. Adversarial samples are inputs crafted to fool neural networks into misclassification. They come in two forms: one is created by adding specific perturbations to pixels in an image and the second is through generative models or transformations, called unrestricted adversarial samples, which will be the focus of this paper. Conventional methods that make use of the neural network’s gradients are less effective against unrestricted adversarial samples. This paper proposes making use of Generative Adversarial Networks (GANs) which are neural networks that generate images through learning the differences between real and fake images. Transfer learning is used from parts of the GAN to train a general network to distinguish between images created by generative models and real images. Neural networks can be protected from unrestricted adversarial attack through detection of the presence of adversarial images and prevent them from being input to the neural networks. Experiments from the project show that when trained on a dataset of real and adversarial images, the model can differentiate these two classes of images. Testing on images outside of the dataset distribution however yields worse results. Bachelor of Engineering (Computer Science) 2021-05-24T12:24:16Z 2021-05-24T12:24:16Z 2021 Final Year Project (FYP) Chan, J. Y. C. (2021). Defence on unrestricted adversarial examples. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/149008 https://hdl.handle.net/10356/149008 en SCSE20-0292 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence |
| spellingShingle |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Chan, Jarod Yan Cheng Defence on unrestricted adversarial examples |
| description |
Deep neural networks in image classification have gained popularity in recent years, and as
such, have also become the target of attacks. Adversarial samples are inputs crafted to fool
neural networks into misclassification. They come in two forms: one is created by adding
specific perturbations to pixels in an image and the second is through generative models or
transformations, called unrestricted adversarial samples, which will be the focus of this paper.
Conventional methods that make use of the neural network’s gradients are less effective
against unrestricted adversarial samples. This paper proposes making use of Generative
Adversarial Networks (GANs) which are neural networks that generate images through
learning the differences between real and fake images. Transfer learning is used from parts of
the GAN to train a general network to distinguish between images created by generative
models and real images. Neural networks can be protected from unrestricted adversarial
attack through detection of the presence of adversarial images and prevent them from being
input to the neural networks.
Experiments from the project show that when trained on a dataset of real and adversarial
images, the model can differentiate these two classes of images. Testing on images outside of
the dataset distribution however yields worse results. |
| author2 |
Jun Zhao |
| author_facet |
Jun Zhao Chan, Jarod Yan Cheng |
| format |
Final Year Project |
| author |
Chan, Jarod Yan Cheng |
| author_sort |
Chan, Jarod Yan Cheng |
| title |
Defence on unrestricted adversarial examples |
| title_short |
Defence on unrestricted adversarial examples |
| title_full |
Defence on unrestricted adversarial examples |
| title_fullStr |
Defence on unrestricted adversarial examples |
| title_full_unstemmed |
Defence on unrestricted adversarial examples |
| title_sort |
defence on unrestricted adversarial examples |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/149008 |
| _version_ |
1701270491095891968 |