Adversarial Attacks on Image Classification Models: FGSM and Patch Attacks and their Impact

TL;DR

This paper examines the effects of FGSM and patch adversarial attacks on CNN image classifiers like ResNet-34, GoogleNet, and DenseNet-161, highlighting their vulnerability and impact on accuracy using ImageNet data.

Contribution

It provides a comparative analysis of two adversarial attack methods on multiple pre-trained CNN architectures, demonstrating their impact on classification accuracy.

Findings

FGSM and patch attacks significantly reduce model accuracy.

ResNet-34, GoogleNet, and DenseNet-161 are vulnerable to these attacks.

Adversarial attacks compromise the reliability of CNN-based image classifiers.

Abstract

This chapter introduces the concept of adversarial attacks on image classification models built on convolutional neural networks (CNN). CNNs are very popular deep-learning models which are used in image classification tasks. However, very powerful and pre-trained CNN models working very accurately on image datasets for image classification tasks may perform disastrously when the networks are under adversarial attacks. In this work, two very well-known adversarial attacks are discussed and their impact on the performance of image classifiers is analyzed. These two adversarial attacks are the fast gradient sign method (FGSM) and adversarial patch attack. These attacks are launched on three powerful pre-trained image classifier architectures, ResNet-34, GoogleNet, and DenseNet-161. The classification accuracy of the models in the absence and presence of the two attacks are computed on images from the publicly accessible ImageNet dataset. The results are analyzed to evaluate the impact of the attacks on the image classification task.