Adversarial Attacks on Image Classification Models: Analysis and Defense

TL;DR

This paper analyzes the impact of the FGSM adversarial attack on CNN image classifiers and proposes a defense mechanism based on modified defensive distillation to improve robustness.

Contribution

It provides a detailed analysis of FGSM attack effects on popular CNN architectures and introduces a novel defense strategy using modified defensive distillation.

Findings

FGSM significantly reduces classification accuracy of CNNs

The proposed defense improves robustness against FGSM attacks

Extensive validation confirms effectiveness of the defense mechanism

Abstract

The notion of adversarial attacks on image classification models based on convolutional neural networks (CNN) is introduced in this work. To classify images, deep learning models called CNNs are frequently used. However, when the networks are subject to adversarial attacks, extremely potent and previously trained CNN models that perform quite effectively on image datasets for image classification tasks may perform poorly. In this work, one well-known adversarial attack known as the fast gradient sign method (FGSM) is explored and its adverse effects on the performances of image classification models are examined. The FGSM attack is simulated on three pre-trained image classifier CNN architectures, ResNet-101, AlexNet, and RegNetY 400MF using randomly chosen images from the ImageNet dataset. The classification accuracies of the models are computed in the absence and presence of the attack to demonstrate the detrimental effect of the attack on the performances of the classifiers. Finally, a mechanism is proposed to defend against the FGSM attack based on a modified defensive distillation-based approach. Extensive results are presented for the validation of the proposed scheme.