AI-Adversarial-Attacks
This repository contains implementations of the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks, along with an analysis.
The adversarial attacks were used to fool LeNet into misclassifying MNIST images as an incorrect label (an untargeted attack) using small perturbations to the image.
The FGSM implementation was taken from PyTorch’s documentation.
References:
Explaining and Harnessing Adversarial Examples
Adversarial examples in the physical world
FGSM
Fast Gradient Sign Method
PGD
Projected Gradient Descent
LeNet
Discussion
PGD performs much better than FGSM, mostly because PGD allows more extreme perturbations with the given hyperparameter values. Note that the samples used to evaluate FGSM are not the same as the samples used to evaluate PGD, so the accuracies are not an apples-to-apples comparison. If alpha or epsilon were smaller, PGD might result in accuracy similar to FGSM's.
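The budget-matching point above, as an added example that is not this repository's code: FGSM and PGD are evaluated on the same samples, first with the same epsilon and then with a larger one for PGD. It goes slightly beyond the text by using a small fixed logistic classifier as a stand-in for LeNet; the weights, the four 4-"pixel" samples and all hyperparameter values are constructed assumptions.

```python
import math

# Constructed stand-in for LeNet/MNIST: fixed logistic classifier, inputs in [0, 1].
W, B = [1.0, -1.0, 0.5, -0.5], 0.0
SAMPLES = [([0.7, 0.3, 0.6, 0.4], 1), ([0.3, 0.7, 0.4, 0.6], 0),
           ([0.55, 0.45, 0.5, 0.5], 1), ([0.9, 0.1, 0.9, 0.1], 1)]

def logit(x):
    return sum(w * xi for w, xi in zip(W, x)) + B

def grad_sign(x, y):
    """Sign of d(cross-entropy)/dx, which is (sigmoid(logit) - y) * W."""
    err = 1.0 / (1.0 + math.exp(-logit(x))) - y
    return [math.copysign(1.0, err * w) for w in W]

def clip(v, lo, hi):
    return max(lo, min(hi, v))

def fgsm(x, y, eps):
    """Single step of size eps along the gradient sign, kept in pixel range."""
    return [clip(xi + eps * s, 0.0, 1.0) for xi, s in zip(x, grad_sign(x, y))]

def pgd(x, y, eps, alpha, steps):
    """Steps of size alpha, each projected back into the L-inf ball of radius eps."""
    adv = list(x)
    for _ in range(steps):
        stepped = [a + alpha * s for a, s in zip(adv, grad_sign(adv, y))]
        adv = [clip(clip(a, xi - eps, xi + eps), 0.0, 1.0)
               for a, xi in zip(stepped, x)]
    return adv

def linf(x, adv):
    """Largest per-pixel change: the budget the attack actually spent."""
    return max(abs(a - xi) for a, xi in zip(adv, x))

def accuracy(attack):
    """Accuracy on the SAME samples after applying attack(x, y)."""
    hits = sum((logit(attack(x, y)) > 0) == bool(y) for x, y in SAMPLES)
    return hits / len(SAMPLES)

def compare():
    return {"clean": accuracy(lambda x, y: x),
            "fgsm eps=0.1": accuracy(lambda x, y: fgsm(x, y, 0.1)),
            "pgd eps=0.1": accuracy(lambda x, y: pgd(x, y, 0.1, 0.025, 10)),
            "pgd eps=0.3": accuracy(lambda x, y: pgd(x, y, 0.3, 0.05, 10))}

if __name__ == "__main__":
    for name, acc in compare().items():
        print(f"{name:13s} accuracy={acc:.2f}")
```

On this linear stand-in the matched-epsilon PGD run lands on the same points as FGSM, so any accuracy gap comes from the larger budget; on a nonlinear model such as LeNet, PGD can also differ at equal epsilon, which is why reporting `linf` alongside accuracy matters.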