Date of Award


Publication Type


Degree Name



Computer Science


Adversarial attacks, Deep learning, Pairwise learning, Siamese neural networks, Triplet loss


M. Hassanzadeh


S. Saad




Both Convolutional neural networks (CNN) and Deep neural networks (DNN)have recently demonstrated state-of-the-art performance in various real-world ap- plications. However, in recent research the Deep neural networks are shown to be sensitive to adversarial attacks .[32]. Furthermore, it was evidenced that inputs that are almost invariant to the human eye from natural data can be classified incorrectly by deep neural networks. [32]. Although adversarial training improves the model’s robustness significantly, it eventually devolves into a whack-a-mole game in which defenders and attackers try to outdo each other. Because of recent advancements in computer applications, the security aspects of machine learning are becoming increas- ingly important. With this in mind, an obvious research question arises: ”How can we build deep neural networks that are resistant to adversarial inputs?”. I propose the first-ever attempt to detect first-order adversarial attacks using Siamese Neural Networks (SNN) in this research. The contribution was empirically tested on MNIST [17], CIFAR-10 [35], CIFAR-100 [35], ImageNet [36] using FGSM [64], PGD [44], Car- lini [15], DeepFool [43], and dual PGD methods to generate Black-Box and White-box untargeted adversarial attacks. I show that my model consistently has higher accu- racy on first order adversarial attacks [56], without decreasing generalization. The accuracy of my model against black-box attacks reached 98.9% on MNIST, 93.7% on CIFAR-10, 57.98% on CIFAR-100, and 34.4% on ImageNet.