
Improving Robustness of Deep Neural Networks Against Adversarial Examples in Image

Mahabadi Mohamadi, Mohamad | 2021

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 54683 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Kasaei, Shohreh
  7. Abstract: Despite the widespread applications and high performance of deep neural networks in computer vision, they have been shown to be vulnerable to adversarial examples. An adversarial example is a perturbed image whose difference from its corresponding natural image is small in magnitude, yet for which the network produces an incorrect output. In recent years, many approaches have been proposed to increase the robustness of DNNs against adversarial examples, with adversarial training proposed as the most effective defense measure. Approaches based on adversarial training try to increase the robustness of the network by training it on adversarial examples. One of the main issues with the adversarial training methods proposed in previous studies is that almost all of them are designed for the classification task and have paid little attention to semantic segmentation despite its applications. The high cost of training each epoch and the overfitting to adversarial examples of networks trained with these methods are other issues with adversarial training. In this research, an adversarial training algorithm is proposed that can be used for both classification and semantic segmentation tasks. In each epoch, the proposed algorithm first trains the network using stochastic gradient descent on the dataset, then changes the dataset to increase the loss, and then proceeds to the next epoch. Thus, the time complexity of each epoch in the proposed method is no different from ordinary SGD training of the network. The proposed algorithm uses a random mask to increase the variability of the produced examples and, after some number of epochs, uses a denoising autoencoder to send the examples to the natural data manifold. The proposed method is evaluated on MNIST for classification using the accuracy metric and on Pascal VOC for semantic segmentation using the mean intersection over union metric, and achieves 91.5% against FGSM and 86.6% against PGD in classification, which is competitive with the state-of-the-art result
  8. Keywords: Deep Neural Networks ; Robustness ; Classification ; Segmentation ; Adversarial Example ; Defense ; Semantic Segmentation
