sposhiy33 / adversarialdefense
Defending Neural Networks from Adversarial Attacks

License: GNU General Public License v3.0

Python 100.00%
deep-learning neural-network adversarial-examples fast-gradient-sign-attack

adversarialdefense's Introduction

Adversarial Defense

This repo contains the code produced by Shrey Poshiya during the summer 2021 internship at the Institute for Computing in Research.

License: GNU General Public License v3.0

What are Adversarial Examples

Recent developments in Deep Learning (DL) have allowed for its implementation in a wide array of applications. With deep learning being used in many safety-critical environments (e.g. healthcare and transportation), it is becoming increasingly important that these artificial neural networks can successfully identify the inputs they are given.

It has been found that carefully altered inputs, called adversarial examples, can trick neural networks. These adversarial examples are usually produced by intentionally adding noise to the input image. The most dangerous aspect of these adversarial examples is that the difference between the original input image and the altered one is virtually imperceptible to the human eye. The combination of being able to fool the network while seeming harmless to a human poses a great danger to the validity of neural nets.

Here is an example of an adversarial example: image

How are Adversarial Examples Generated

One popular strategy to produce adversarial examples is the Fast Gradient Sign Method (FGSM). This strategy exploits the gradient, a numeric calculation that tells us how to adjust the parameters of the model to minimize the deviation between the actual output and the output estimated by the network. The gradient is a vector that points in the direction in which the loss function increases. In order to train a good neural network (one in which the loss is minimized), we move in the opposite direction of the gradient and change the parameters of the model accordingly (essentially we are finding a local minimum of the loss function). The Fast Gradient Sign Method instead takes the gradient with respect to the input image and steps along its sign to create an image that maximizes the loss/cost.

image

image: Our output adversarial image

image: Original Input Image

image: The label of the Input Image

image: Epsilon: A constant that dictates the intensity of the perturbations (the noise) applied to the input image

image: The Neural Network model

image: The Loss

Contents of this Repo

This repo contains three different folders. Each folder contains scripts for a different neural network (the folder name specifies the dataset that specific network uses: MNIST, fashion-MNIST, Cifar10).

The folder has the following contents:

{NameOfDataset}.py = This script creates a convolutional neural network and trains the network using tensorflow.keras

Adv_Gen_{NameOfDataset}.py = This script generates adversarial images at a given epsilon value and uses them to test the accuracy of the model. The output of this script should give you the accuracy values of the model at different epsilon values. From this data the script should produce a plot (using matplotlib.pyplot) that compares accuracy to the epsilon value.

blur_{NameOfDataset}.py = This script blurs the generated adversarial images. This should essentially "blur" out the perturbations in the image. The accuracy of the model when tested on the blurred adversarial images should be higher than when it is tested on the unblurred adversarial images (in fact the accuracy on the original dataset versus the blurred adversarial images was very close when a certain amount of "blurring" was applied; in my tests the discrepancy between the two accuracies was only -0.13% to -0.25%). This script uses Gaussian blurring to blur the adversarial images. The output of this script gives you the accuracy values at different sigma values (sigma is the constant that dictates the strength of the blurring). You can also control the epsilon value of the adversarial images you would like to blur.

BEWARE: Running these scripts takes a toll on your hardware. Make sure to have plenty of free memory before running these programs.
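As an added example that is not part of this repo, the numpy script below implements both the FGSM perturbation described above and the Gaussian-blur defense of blur_{NameOfDataset}.py, but on a constructed 8x8 toy problem with a hand-built linear softmax classifier instead of a trained CNN, so it runs without TensorFlow. The images, the weights (a smooth class template plus a high-frequency checkerboard, standing in for the noisy weights of a real network), and the eps and sigma values are all constructed assumptions.

```python
import numpy as np

SIDE = 8  # constructed toy images are SIDE x SIDE grayscale, pixel values in [0, 1]

def softmax(z):
    z = z - z.max(axis=-1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=-1, keepdims=True)

def predict(x, W, b):
    """Linear softmax classifier on flattened images; returns predicted class ids."""
    return np.argmax(x.reshape(len(x), -1) @ W + b, axis=-1)

def fgsm(x, y, W, b, eps):
    """FGSM: x_adv = x + eps * sign(dJ/dx), J = cross-entropy loss of the model."""
    flat = x.reshape(len(x), -1)
    onehot = np.eye(W.shape[1])[y]
    grad_x = (softmax(flat @ W + b) - onehot) @ W.T   # analytic dJ/dx for this model
    return np.clip(x + eps * np.sign(grad_x).reshape(x.shape), 0.0, 1.0)

def gaussian_blur(images, sigma):
    """Separable Gaussian blur of an (n, h, w) stack; zero padding at the border."""
    t = np.arange(-int(3 * sigma), int(3 * sigma) + 1)
    k = np.exp(-t ** 2 / (2 * sigma ** 2))
    k /= k.sum()
    out = np.apply_along_axis(lambda v: np.convolve(v, k, mode="same"), 2, images)
    return np.apply_along_axis(lambda v: np.convolve(v, k, mode="same"), 1, out)

def accuracy(x, y, W, b):
    return float(np.mean(predict(x, W, b) == y))

def toy_setup():
    """Constructed data and (untrained) model: class 0 = bright left half, class 1 =
    bright right half; weights = smooth template + high-frequency checkerboard."""
    rows, cols = np.indices((SIDE, SIDE))
    template = np.where(cols < SIDE // 2, 1.0, -1.0)
    checker = np.where((rows + cols) % 2 == 0, 1.0, -1.0)
    x = np.stack([0.5 + 0.25 * template, 0.5 - 0.25 * template])
    y = np.array([0, 1])
    w = (template + 3.0 * checker).ravel()   # checkerboard dominates sign(dJ/dx)
    W = np.stack([w / 2, -w / 2], axis=1)    # shape (SIDE*SIDE, 2)
    return x, y, W, np.zeros(2)

def run_experiment(eps=0.2, sigma=1.0):
    x, y, W, b = toy_setup()
    x_adv = fgsm(x, y, W, b, eps)
    return {"clean": accuracy(x, y, W, b),
            "adversarial": accuracy(x_adv, y, W, b),
            "blurred_adversarial": accuracy(gaussian_blur(x_adv, sigma), y, W, b),
            "linf": float(np.abs(x_adv - x).max())}
```

On this toy setup the clean accuracy is 1.0, FGSM at eps=0.2 drives it to 0.0 while changing no pixel by more than eps, and a sigma=1 Gaussian blur averages the alternating ±eps perturbation away while leaving the smooth class evidence intact, restoring accuracy to 1.0.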

Instructions

Install the latest version of Python

To install the required libraries, run the following command in the terminal:

$ pip3 install matplotlib numpy scipy tensorflow

To clone this repo, run the following git command:

$ git clone https://github.com/sposhiy33/AdversarialDefense.git

Navigate to folder in terminal:

$ cd [FILE/PATH/HERE]

From there, to run a program, run the command:

$ python3 [enter file name here]

You can run any file independently. When you run a script, it should start off by training the network

image
