Performance Evaluation of Adversarial Examples on Deep Neural Network Architectures

Abstract

Tremendous advancement in machine learning over the recent years leads to the use of deep neural networks in many applications from weather prediction to safety critical applications like disease diagnosis. Latest work revealed that, Deep Neural Networks are possibly being attacked using the perturbed input like images/text/audio, also referred to as adversarial examples. Even a small change in considering single pixel can cause neural network models to make mistakes in predicting the output. This has resulted in increased safety concern of deployment of safety critical applications. It is observed that the adversarial examples are transferred from one neural network model to another neural network model with considering adversary knowledge either black box which corresponds to a real-life assumption with the adversary having nearly no knowledge of the framework to be attacked, or white box or gray box. Adversarial examples can be categorized by various characteristics. This paper provides a good inclination of adversarial instances in the context of computer vision with details on various types of adversarial attacks on individual types of neural network architectures and also elaborate the different metrics applied to validate the system performance. We conclude that adversarial learning is a factual threat to application of machine learning not only in the physical world but also during training the model and testing the model. There are some certain counter measures that exist but none of them can act as an individualistic solution for all the challenges. It remains an extensive challenge for the machine learning community to deal with robustness.