Attack-and-Defense-of-Adversarial-Images

I have implemented three types of adversarial attacks that can be used on a trained CNN model. To countermeasure these attacks, a defense algorithm is also implemented. The dataset is used is MNIST.

Attack of Adversarial Images

Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake. They’re like optical illusions for machines.

I have implemented three types of white box attacks:

1. Fast Gradient Sign Method
2. Iterative Fast Gradient Sign Method
3. Momentum Iterative Fast Gradient Sign Method

Below given is the training and validation loss accross all the epochs.

Fast Gradient Sign Method

Test Accuracy after FGSM attack

Examples of some adversarial images:

Iterative Fast Gradient Sign Method

Test Accuracy after I-FGSM attack

Examples of some adversarial images:

Momentum Iterative Fast Gradient Sign Method

Test Accuracy after MI_FGSM attack

Examples of some adversarial images:

Defense Distillation for Adversarial Images

To countermeasure the above attacks, distillation was implemented.

Below given is the training and validation loss for netowrkf and networkf1

Defense against FGSM

Below is the Test accuracy after defending the FGSM attack

Examples of the predicitions after defense:

Defense against I-FGSM

Below is the Test accuracy after defending the I-FGSM attack

Examples of the predicitions after defense:

Defense against MI-FGSM

Below is the Test accuracy after defending the MI-FGSM attack

Examples of the predicitions after defense: