Alter the Structure of Adversarial Perturbations with Model Agnostic Defense

Poster

Deep neural networks are vulnerable to adversarial perturbations and are easily fooled by adversarial samples. In our project, we present an evaluation of different defense schemes that alter the structure of adversarial perturbations and defend against adversarial attacks, including the Fast Gradient Sign Method (FGS), the Iterative Fast Gradient Sign Method (I-FGSM) and L-BFGS. The defense schemes we investigate are model-agnostic. Even if the model we use to make the prediction and the defense schemes we implement are known to the attacker, it is difficult for the attacker to circumvent the defense due to the randomness of the method. The evaluation we obtained can be used as a reference for deploying different defense strategies under different circumstances.

We first present the methodology for the adversarial attack and the defense schemes we evaluate. Then we perform multiple experiments to evaluate the defense schemes against the attack using three metrics. We then conclude the evaluation and further discuss the implications of the results.