Politecnico di Torino (logo)

Adversarial Attacks for Convolutional Neural Networks and Capsule Networks

Giovanni Caramia

Adversarial Attacks for Convolutional Neural Networks and Capsule Networks.

Rel. Maurizio Martina, Andreas Steininger, Muhammad Shafique. Politecnico di Torino, Corso di laurea magistrale in Mechatronic Engineering (Ingegneria Meccatronica), 2021

[img] PDF (Tesi_di_laurea) - Tesi
Restricted to: Repository staff only until 27 July 2024 (embargo date).
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (29MB)

In Computer Vision (CV) context, the image classification is a supervised learning problem which has several applications in all fields such as autonomous driving, medical diagnosing, remote sensing and so on. In the Deep Learning (DL) field, the image classification problem is solved by several architectures: from the simple Convolutional Neural Networks (CNNs) to the more complex models such as Capsule Networks (CapsNets). An important aspect of image classification is the robustness of the architectures against adversarial attacks: an image can be misclassified crafting a small perturbation to the input. In this dissertation, the adversarial attacks are crafted on Residual Neural Networks (ResNet) and CapsNet models. In a CapsNet configuration, another way to inject attacks is done through Vote Attack, which directly attacks the votes instead of output capsules. The impact of the Vote Attack has been evaluated only on simple datasets until now. The first aim of this thesis is to evaluate the performances and the robustness of CapsNet models against adversarial attacks. The second goal is to design a novel methodology that can mislead the CNNs and CapsNet architectures. Going into depth, in the first part of this dissertation there is a systematic analysis of the latest CapsNet architectures in literature (ShallowCaps, DeepCaps, YaoCaps and FMCaps) applied to the most common benchmarks datasets (SVHN, CINIC10, CIFAR10, CIFAR100). DeepCaps performs better than ShallowCaps in all cases , while YaoCaps achieves the best results for CIFAR10 and CIFAR100. Furthermore, CapsNets are applied for the first time on high resolution datasets (MLRS and COVID19Ti). In particular, the COVID19 Ti dataset contains several Chest X-ray images used for medical diagnosing decision, while the MLRS dataset is used for remote sensing problem. In this context, the results show that DeepCaps performs better than ResNet models . Moreover, in the second part of thesis the robustness of CNNs and CapsNet models against adversarial attacks is evaluated. At the beginning, the robustness evaluation is performed on MLRS and COVID19Ti: the results demonstrate that DeepCaps is more robust than ResNets for small perturbations. After that, the Vote Attack impact is evaluated on CIFAR100: the Vote Attack continues to be stronger than Caps Attack also for more complex datasets. Moreover, in the real world there are several situations where DL models fool the correct classification due to atmospheric phenomena. In this context, a novel methodology is proposed: assuming that the camera lens is dirty due atmospheric conditions (such as rain, snow and hail), it is possible to craft a perturbation changing the pixels of the input following several patterns. Such attack, called Pattern Attack, is performed in a black box setting. The results show that it works well both in CNNs and CapsNet models. The steps of future research may be different: for the first part of analysis, the CapsNet models will be applied to more complex datasets such as ImageNet or ObjectNet trying to obtain good classification performances. Moreover, in the context of Pattern Attack, the future developments consist of applying the attack on other higher resolution datasets.

Relators: Maurizio Martina, Andreas Steininger, Muhammad Shafique
Academic year: 2020/21
Publication type: Electronic
Number of Pages: 126
Corso di laurea: Corso di laurea magistrale in Mechatronic Engineering (Ingegneria Meccatronica)
Classe di laurea: New organization > Master science > LM-25 - AUTOMATION ENGINEERING
Aziende collaboratrici: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/19689
Modify record (reserved for operators) Modify record (reserved for operators)