Tell a friend
Print
von der Lehr, Fabrice (2021) Adversarial Examples and Robust Training of Deep Neural Networks for Image Classification. Bachelor's, DHBW Mannheim.
![[img]](https://elib.dlr.de/style/images/fileicons/application_pdf.png) |
PDF
8MB |
Abstract
Deep neural networks (DNNs) have become a powerful tool for image classification tasks in recent years, being nowadays also relevant for safety-critical applications like autonomous driving. Despite being highly accurate even for unknown images, the existence of so-called "adversarial examples" nevertheless calls the robustness of DNNs into question: These are slightly, but purposefully perturbed versions of natural images, being only barely distinguishable from their unperturbed originals, but causing the DNN to misclassify them. In the scope of this work, two white-box attacks (Fast Gradient Sign Method, Projected Gradient Descent) and a black-box attack (Boundary Attack) were implemented to create the adversarial examples on the basis of images from the CIFAR-10 and the GTSRB datasets. The trained DNNs, being based on the PreAct-ResNet-50 architecture, were subsequently evaluated concerning their robustness against both adversarial and random perturbations. Furthermore, two variants of adversarial training (using the Fast Gradient Sign Method and the Stable Single Step algorithm, respectively) were implemented to analyze, in how far such an adaption of the training process influences the robustness and general accuracy of DNNs. Last, the loss landscapes of the differently trained DNNs were investigated qualitatively. The results show that the susceptibility to adversarial examples is highly data dependent, with images from CIFAR-10 generally exhibiting a higher risk than those from the GTSRB dataset. By contrast, random perturbations comparatively rarely led to misclassifications, regardless of the dataset considered. Moreover, Stable Single Step-based adversarial training has proven to increase the robustness against adversarial examples to a limited extent, but also slightly lower the accuracy for natural images. In general, however, adversarial training led to insufficient robustness enhancements, for which substantial overfitting of the trained DNNs was identified as the main reason.
| Item URL in elib: | https://elib.dlr.de/144468/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Document Type: | Thesis (Bachelor's) | ||||||||
| Title: | Adversarial Examples and Robust Training of Deep Neural Networks for Image Classification | ||||||||
| Authors: |
| ||||||||
| Date: | 7 September 2021 | ||||||||
| Refereed publication: | No | ||||||||
| Open Access: | Yes | ||||||||
| Gold Open Access: | No | ||||||||
| In SCOPUS: | No | ||||||||
| In ISI Web of Science: | No | ||||||||
| Number of Pages: | 160 | ||||||||
| Status: | Published | ||||||||
| Keywords: | Machine Learning, Deep Learning, Image Classification, Robustness, Adversarial Examples | ||||||||
| Institution: | DHBW Mannheim | ||||||||
| Department: | Fakultät Informatik | ||||||||
| HGF - Research field: | other | ||||||||
| HGF - Program: | other | ||||||||
| HGF - Program Themes: | other | ||||||||
| DLR - Research area: | no assignment | ||||||||
| DLR - Program: | no assignment | ||||||||
| DLR - Research theme (Project): | no assignment | ||||||||
| Location: | Köln-Porz | ||||||||
| Institutes and Institutions: | Institut of Simulation and Software Technology > High Performance Computing Institute for Software Technology | ||||||||
| Deposited By: | von der Lehr, Fabrice | ||||||||
| Deposited On: | 07 Dec 2021 10:11 | ||||||||
| Last Modified: | 07 Dec 2021 10:11 |
Repository Staff Only: item control page
