Adversarial Machine Learning Project

In Fall 2019 I took an honors colloquium for my introduction to security engineering class where I was required to do a project. The final project that I made was on attacks and defenses of image classification CNNs. I tested the viability of transferring a fast gradient sign (FGS) attack to a different classifier network than the one it was implemented on, and I tested adversarial training and Gaussian filtering as defenses against the attack. The attack could produce adversarial images that were indistinguishable to the human eye from the original, but would be misclassified by the CNN. For example, an image of a frog could be attacked to be misclassified as a deer by the CNN. The real-world implications of incorrect image classification are profound, especially in systems that impact human lives such as those found in self-driving vehicles. I had no prior experience with machine learning, so it was a challenging but rewarding experience.

GitHub page with Jupyter notebook

Full report: