Date of Award

1-1-2022

Publication Type

Thesis

Degree Name

M.A.Sc.

Department

Computer Science

Keywords

Adversarial attacks, Deep learning, Pairwise learning, Siamese neural networks, Triplet loss

Supervisor

M. Hassanzadeh

Supervisor

S. Saad

Rights

info:eu-repo/semantics/openAccess

Abstract

Both convolutional neural networks (CNN) and deep neural networks (DNN) have recently demonstrated state-of-the-art performance in various real-world applications. However, recent research has shown that deep neural networks are sensitive to adversarial attacks [32]. Furthermore, it has been shown that inputs that are almost indistinguishable to the human eye from natural data can be classified incorrectly by deep neural networks [32]. Although adversarial training improves a model's robustness significantly, it eventually devolves into a whack-a-mole game in which defenders and attackers try to outdo each other. Because of recent advancements in computer applications, the security aspects of machine learning are becoming increasingly important. With this in mind, an obvious research question arises: "How can we build deep neural networks that are resistant to adversarial inputs?" In this research, I propose the first-ever attempt to detect first-order adversarial attacks using Siamese Neural Networks (SNN). The contribution was empirically tested on MNIST [17], CIFAR-10 [35], CIFAR-100 [35] and ImageNet [36], using FGSM [64], PGD [44], Carlini [15], DeepFool [43] and dual PGD methods to generate black-box and white-box untargeted adversarial attacks. I show that my model consistently has higher accuracy on first-order adversarial attacks [56], without decreasing generalization. The accuracy of my model against black-box attacks reached 98.9% on MNIST, 93.7% on CIFAR-10, 57.98% on CIFAR-100, and 34.4% on ImageNet.