Your browser does not allow JavaScript!
JavaScript is necessary for the proper functioning of this website. Please enable JavaScript or use a modern browser.
Repository of the University of Ljubljana
Open Science Slovenia
Open Science
DiKUL
slv
|
eng
Search
Browse
New in RUL
About RUL
In numbers
Help
Sign in
Details
An experimental evaluation of adversarial examples and methods of defense
ID
Šircelj, Jaka
(
Author
),
ID
Skočaj, Danijel
(
Mentor
)
More about this mentor...
PDF - Presentation file,
Download
(2,67 MB)
MD5: FC97396BA6FEBA68500FE62024F04B99
Image galllery
Abstract
In this thesis we perform an experimental analysis and evaluation of different methods for creating adversarial examples, and learn how these affect different types of image classifiers, with the intent to obtain a better understanding of adversarial examples. The adversarial methods are hard to compare, since they use different types of parameters. We introduce a novel visualization technique, called accuracy-perturbation curve, that allows us to perform our comparison much more in depth, without the need to find optimal parameters. With this technique we also evaluate the successfulness of adversarial training as a defensive method. The results showed that radial basis function network classifiers possess an intrinsic property that makes them stronger on adversarial examples, compared to other classifiers, like CNNs, even though they perform poorly on clean images. Also, we noticed a weak correlation between the classifiers ability to generalize and its robustness against attacks.
Language:
English
Keywords:
adversarial examples
,
neural networks
,
deep learning
,
image classification
Work type:
Master's thesis/paper
Organization:
FRI - Faculty of Computer and Information Science
Year:
2019
PID:
20.500.12556/RUL-111417
COBISS.SI-ID:
1538387139
Publication date in RUL:
30.09.2019
Views:
1945
Downloads:
374
Metadata:
Cite this work
Plain text
BibTeX
EndNote XML
EndNote/Refer
RIS
ABNT
ACM Ref
AMA
APA
Chicago 17th Author-Date
Harvard
IEEE
ISO 690
MLA
Vancouver
:
ŠIRCELJ, Jaka, 2019,
An experimental evaluation of adversarial examples and methods of defense
[online]. Master’s thesis. [Accessed 8 April 2025]. Retrieved from: https://repozitorij.uni-lj.si/IzpisGradiva.php?lang=eng&id=111417
Copy citation
Share:
Secondary language
Language:
Slovenian
Title:
Eksperimentalno ovrednotenje nasprotniških primerov in načinov obrambe
Abstract:
V tem delu opravimo eksperimentalno analizo in evalvacijo različnih metod generiranja nasprotniških primerov oz. evalviramo njihove vplive na različne tipe klasifikatorjev slik. Namen analize je bil pridobiti čim več znanja o nasprotniških primerih. Metode ustvarjanja nasprotniških primerov je zahtevno primerjati, ker vse uporabljajo drugačne tipe parametrov. Da se znebimo skrbi glede določanja optimalnih parametrov, uvedemo točnostno-perturbacijsko krivuljo, s katero lahko veliko bolj natančno ocenimo, koliko je klasifikator robusten pri obrambi oz. koliko je generator nasprotniških primerov uspešen pri napadu. S to krivuljo smo analizirali tudi obrambno metodo učenja na nasprotniških primerih. Rezultati kažejo, da so mreže z radialnimi baznimi funkcijami naravno bolj robustne proti takšnim napadom, tudi če v večini primerov niso primerne za klasifikacijo slik. Opazili smo še šibko korelacijo med zmožnostjo generalizacije klasifikatorjev ter njihovo odpornostjo pred nasprotniškimi primeri.
Keywords:
nasprotniški primeri
,
nevronske mreže
,
globoko učenje
,
klasifikacija slik
Similar documents
Similar works from RUL:
Automatic text summarization of Slovene texts using deep neural networks
Automatic punctuation in raw word sequences
Superposition and compression of deep neutral networks
A design framework for prediction models based on the order book
Object tracking by segmentation and color depth image prediction
Similar works from other Slovenian collections:
No similar works found
Back
