Hello there, thanks for visiting this page. My blog has moved to hrishikamath.com. Won't put effort into even making this page look nice for you :P.
Introduction to Adversarial Examples
Look at these two images
You can clearly tell which is the gibbon and which is the panda. Even Convolutional Neural Networks (CNNs) can :). There seems to be no problem, except that we would like the neural network's prediction to be as confident as possible. Now look at these two images. Do you notice any difference?
Now it gets scary when your model predicts this slightly perturbed image of a panda as a gibbon with 99.3% confidence and predicts the original image as a panda with just 55% confidence. We call these adversarial examples, and they have called into question the fundamental aspects of what neural networks actually learn and what they are capable of. This can be especially dangerous considering how widespread neural networks are.
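The same effect on a much smaller model, as an added example that is not from the original post: a constructed 1000-feature logistic-regression classifier stands in for the CNN (weights, bias, input and the sign-of-gradient perturbation are all assumptions of this example, not something the post specifies). The report compares a uniform shift of every feature with the worst-case shift of the same per-feature size, which is the check you would run to see how fragile a confident-looking prediction is.

```python
import math

def predict(w, b, x):
    """Probability of class 1 ("panda") under a logistic-regression model."""
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    return 1.0 / (1.0 + math.exp(-z))

def sign(v):
    return (v > 0) - (v < 0)

def worst_case_perturb(w, b, x, y, eps):
    """Move every feature by at most eps in the direction that raises the loss."""
    p = predict(w, b, x)
    grad = [(p - y) * wi for wi in w]  # d(cross-entropy)/dx for this model
    return [min(1.0, max(0.0, xi + eps * sign(g))) for xi, g in zip(x, grad)]

def robustness_report(w, b, x, y, eps):
    """Confidence in the true class y: clean, uniformly shifted, worst case."""
    def conf(inp):
        p = predict(w, b, inp)
        return p if y == 1 else 1.0 - p
    shifted = [min(1.0, xi + eps) for xi in x]  # same size, no particular direction
    adv = worst_case_perturb(w, b, x, y, eps)
    return {
        "clean": conf(x),
        "uniform_shift": conf(shifted),
        "worst_case": conf(adv),
        "max_change": max(abs(a - c) for a, c in zip(adv, x)),
    }

# Constructed toy model and input (not taken from the post).
D = 1000
W = [0.1 if i % 2 == 0 else -0.1 for i in range(D)]
B = 0.2
X = [0.5] * D  # "pixel" values in [0, 1]

if __name__ == "__main__":
    for name, value in robustness_report(W, B, X, y=1, eps=0.05).items():
        print(f"{name:14s} {value:.4f}")
```

No feature moves by more than 0.05, yet the worst-case input drops the true-class confidence from about 55% to under 1%, while the uniform shift of the same size leaves it unchanged.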
Adversarial examples were first discovered by Christian Szegedy in 2014.
The upside of adversarial examples is that they can be used as training data, making your neural networks generalize better.
I will show you a PyTorch implementation of adversarial examples and other possible adversarial attacks in another tutorial.