Adversarial Attacks on Image Classification Models: FGSM and Patch Attacks and their Impact
It addresses the vulnerability of CNN-based image classifiers to adversarial attacks, which is an incremental study focusing on known methods applied to standard models and datasets.
This work analyzed the impact of two adversarial attacks, FGSM and patch attacks, on pre-trained image classification models like ResNet-34, GoogleNet, and DenseNet-161 using the ImageNet dataset, showing that these attacks significantly reduce classification accuracy.
This chapter introduces the concept of adversarial attacks on image classification models built on convolutional neural networks (CNN). CNNs are very popular deep-learning models which are used in image classification tasks. However, very powerful and pre-trained CNN models working very accurately on image datasets for image classification tasks may perform disastrously when the networks are under adversarial attacks. In this work, two very well-known adversarial attacks are discussed and their impact on the performance of image classifiers is analyzed. These two adversarial attacks are the fast gradient sign method (FGSM) and adversarial patch attack. These attacks are launched on three powerful pre-trained image classifier architectures, ResNet-34, GoogleNet, and DenseNet-161. The classification accuracy of the models in the absence and presence of the two attacks are computed on images from the publicly accessible ImageNet dataset. The results are analyzed to evaluate the impact of the attacks on the image classification task.