Evaluation of adversarial attacks against deep learning models

Abstract

The rapid development of deep learning techniques has made them useful in many applications. However, recent studies have shown that deep learning algorithms can be vulnerable to adversarial attacks. This is a serious concern when considering these algorithms for safety-critical applications. To further improve the defense of deep learning algorithm, there is a need to study the threats of adversarial attacks. In this project, the effectiveness of adversarial attacks on deep learning models was evaluated under different criteria like different attack methods, different deep learning model structures and different deep learning tasks. The result of the experiment showed that the effectiveness of the attacks depended on the type of the attack, the source model structure, and the target model structure. Moreover, the result indicated that adversarial training is not the best defense technique against all types of attack methods. Furthermore, the report also showed that effectiveness of adversarial examples is not limited to Computer Vision tasks only but also to Audio Examples Classification.