Examining-Adversarial-Attacks-on-Image-Classification-Models

Current research on adversarial examples is largely focused on deriving general defences that apply to all ML models regardless of their architecture. In contrast to this methodology, we believe that each network architecture needs to be examined separately in order to build effective, specialised defences: the robustness of each architecture must be analysed in isolation against different types of adversarial examples to understand how susceptible it is. In this paper, we therefore examine the extent to which Variational Auto-Encoders (convolutional and vanilla) and Convolutional Neural Networks (CNNs) are vulnerable to several gradient-based attacks on two types of datasets: high pixel density (Labelled Faces in the Wild) and low pixel density (MNIST). Our aim is to review the confidence of each attack and its validity, and hence the degree to which each attack succeeds against both types of architecture. Additionally, we examine the role Siamese networks could play in creating more secure and robust systems.
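The gradient-based attacks the abstract refers to all share one mechanism: differentiate the loss with respect to the input pixels and move each pixel a bounded amount in the direction that increases the loss. The block below is an added example, not code from this repository, that shows that mechanism end to end on a toy model so it can run without a deep-learning framework. It trains a logistic-regression "image classifier" on constructed 4x4 grayscale images (two classes, bright left half versus bright right half), derives the input gradient by hand, applies the fast gradient sign method (FGSM) and its iterative, projected form, and then measures what the abstract calls the attack's confidence and validity: the smallest perturbation budget at which the label flips, the probability the model assigns to the wrong label, the L_inf distance actually used, and whether the result is still a legal image in [0, 1]. The dataset, the model and all function names are assumptions of this example.

```python
"""FGSM and iterative FGSM (PGD-style) L_inf attacks on a toy image classifier.
Added example, not the repository's code: logistic regression on constructed
4x4 images, with the input gradient derived by hand (standard library only)."""
import math
import random

PIXELS = 16  # 4x4 grayscale images, pixel values in [0, 1]

def make_dataset(n_per_class=40, seed=0):
    """Constructed data: class 0 is bright in the left two columns, class 1 in the right two."""
    rng = random.Random(seed)
    data = []
    for label in (0, 1):
        for _ in range(n_per_class):
            img = []
            for i in range(PIXELS):
                left = (i % 4) < 2
                bright = left if label == 0 else not left
                img.append(rng.uniform(0.6, 1.0) if bright else rng.uniform(0.0, 0.4))
            data.append((img, label))
    rng.shuffle(data)
    return data

def sigmoid(z):
    # numerically stable in both tails
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

def predict_proba(model, x):
    """P(class 1 | x) for the logistic model (w, b)."""
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)

def train(data, lr=0.5, epochs=300):
    """Batch gradient descent on binary cross-entropy."""
    w, b, n = [0.0] * PIXELS, 0.0, len(data)
    for _ in range(epochs):
        gw, gb = [0.0] * PIXELS, 0.0
        for x, y in data:
            err = predict_proba((w, b), x) - y  # dL/dlogit for cross-entropy
            for i in range(PIXELS):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b

def accuracy(model, data):
    return sum((predict_proba(model, x) >= 0.5) == (y == 1) for x, y in data) / len(data)

def input_gradient(model, x, y):
    """dL/dx for cross-entropy on a logistic model: (p - y) * w.
    This is the only model-specific step; for a CNN or VAE an autograd framework supplies it."""
    w, _ = model
    err = predict_proba(model, x) - y
    return [err * wi for wi in w]

def sign(v):
    return (v > 0) - (v < 0)

def clip01(v):
    return min(1.0, max(0.0, v))  # keep the result a legal pixel

def fgsm(model, x, y, eps):
    """One step of size eps along the gradient sign, then back into the valid pixel range."""
    return [clip01(xi + eps * sign(gi)) for xi, gi in zip(x, input_gradient(model, x, y))]

def pgd(model, x, y, eps, steps=10):
    """Iterative FGSM: smaller steps, each projected onto the eps-ball around x and onto [0, 1]."""
    alpha = eps / 4
    x_adv = list(x)
    for _ in range(steps):
        g = input_gradient(model, x_adv, y)
        x_adv = [xi + alpha * sign(gi) for xi, gi in zip(x_adv, g)]
        x_adv = [clip01(min(x0 + eps, max(x0 - eps, xa))) for x0, xa in zip(x, x_adv)]
    return x_adv

def linf_distance(x, x_adv):
    return max(abs(a - b) for a, b in zip(x, x_adv))

def minimal_epsilon(model, x, y, attack):
    """Smallest eps on a 0.05 grid at which `attack` flips the prediction.
    Returns (eps, x_adv, confidence the model places in the wrong label), or None."""
    for k in range(1, 21):
        eps = 0.05 * k
        x_adv = attack(model, x, y, eps)
        p = predict_proba(model, x_adv)
        if (p >= 0.5) != (y == 1):
            return eps, x_adv, (p if y == 0 else 1.0 - p)
    return None

if __name__ == "__main__":
    data = make_dataset()
    model = train(data)
    print(f"clean accuracy: {accuracy(model, data):.2f}")
    x, y = data[0]
    for name, attack in (("fgsm", fgsm), ("pgd", pgd)):
        eps, x_adv, conf = minimal_epsilon(model, x, y, attack)
        print(f"{name}: label {y} flips at eps={eps:.2f}, L_inf used={linf_distance(x, x_adv):.2f}, "
              f"wrong-label confidence={conf:.2f}")
```

Two points are worth noting. For a linear model the sign of the input gradient never changes along the attack path, so FGSM is already the worst-case perturbation inside the L_inf ball and the iterated version lands on the same point; with the non-linear CNNs and VAEs the abstract studies, the gradient direction changes as the input moves, which is exactly when the iterated, projected form becomes the stronger attack. The two clipping steps (projection onto the eps-ball and onto [0, 1]) are the checks a practitioner applies before calling an adversarial example valid: without them, a "successful" attack may simply have produced an out-of-range image or exceeded its stated budget.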

Primary Language: Jupyter Notebook
