Sharif Digital Repository

The remarkable progress of deep neural networks in recent years has led to their entry into the industry and their use in the real world. However, one of the most important and basic issues that threaten the security of these networks is attacks. The attacks that deliberately manipulate input data cause vulnerabilities and misclassify networks. Due to the wide range of ways in which attacks can perturb input data, identifying their types is considered a vital part of ensuring a robust network. The inability of deep networks to generalize to unseen data is also an important limitation. This thesis presents a 2D adversarial attack and a 3D defense in this regard.In 2D attacks, the type of... 

Despite widespread applications and high performance of deep neural networks in the fields of computer vision, they have been shown to be vulnerable to adversarial examples. An adversarial example is a perturbated image that the magnitude of its difference with its corresponding natural image is small and yet given such example, the network produces incorrect output. In recent years, many approaches have been proposed to increase the robustness of DNNs against adversarial examples with adversarial training being proposed as the most effective defense measure. Approaches based on adversarial training try to increase the robustness of the network by training on the adversarial examples. One of...