Evaluating Pretrained Deep Learning Models for Image Classification Against Individual and Ensemble Adversarial Attacks
Abstract: The robustness of Deep Neural Networks (DNNs) against adversarial attacks is an important topic in the area of deep learning. To fully investigate the robustness of DNNs, this study examines four frequently used white-box adversarial attack techniques, namely the Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), the Basic Iterative Method (BIM), and DeepFool, and their effects on DNN models for the image classification task. The results show that ResNet152 and DenseNet201 are less vulnerable than other DNN models to a variety of individual attacks, highlighting their intrinsic strength even in the absence of specific adversarial training. Further, we propose two ensemble adversarial attacks combining three individual attacks for generating adversarial examples from the Tiny ImageNet, CIFAR-10, CIFAR-100, and SVHN datasets for DNN model evaluation. It is observed that the performance of the DNNs deteriorates significantly under the proposed ensemble adversarial attacks even after defensive measures have been applied. For instance, the accuracy of the most robust DNN that we tested, namely the defense distillation enhanced DenseNet201, dropped more than 59% under the proposed ensemble adversarial attacks, compared to only a 34% decrease under the individual attacks.
External IDs: dblp:journals/access/RahmanRFQ25