Neural Networks for image classification - An approach to adversarial perturbation robustness

This thesis is the study of an alternative method for standard classification problems for neural networks, developed with the purpose of obtaining increased robustness to adversarial perturbations. ??Through the use of an encoder, the system maps its input data to distributions with arbitrarily selected target mean values, inside of a latent space with a dimensionality equal to the number of classes. The hope is that, by enforcing a great a great enough distance among the classes distributions, adversarial attacks will succed less often. ??A prototype of the system was already developed for two classes, authorized and not-authorized, and this document explores the results and methods of a multi-class implementation. ?? ??Studies were executed on the MNIST and CIFAR datasets, but the outcomes obtained are solid enough for extension to other databases. Indeed, results prove that a system such as the one presented is consistently more resistant to adversarial perturbations than a standard cross entropy scheme, while providing the same levels of accuracy when no perturbation is present.