Universal Adversarial Patches
| dc.contributor.advisor | Pirsiavash, Hamed | |
| dc.contributor.author | Patil, Koninika | |
| dc.contributor.department | Computer Science and Electrical Engineering | |
| dc.contributor.program | Computer Science | |
| dc.date.accessioned | 2019-10-11T13:43:12Z | |
| dc.date.available | 2019-10-11T13:43:12Z | |
| dc.date.issued | 2017-01-01 | |
| dc.description.abstract | Deep learning algorithms have gained a lot of popularity in recent years due to their state-of-the-art results in computer vision applications. Despite their success, studies have shown that neural networks are vulnerable to attacks via perturbations in input images in various forms, called adversarial examples. Adversarial examples pose a severe security threat because they expose a flaw in machine learning systems. In this theses, we propose a method to generate image-agnostic universal adversarial patches for attacking image classification and object detection using latent contextual information. Our experiments show that for classification, replacing a small part of an image with a universal adversarial patch can cause misclassification of more than 40% images. In object detection, we attack each category of objects individually and the best patch causes approximately 20% images to be misclassified when attacking images of the bird category. We also demonstrate that photos taken of adversarial examples containing the adversarial patch on a cell-phone, can also fool the network. Thus, we show that adversarial examples exist in the physical world which can cause harm to AI-based systems. | |
| dc.genre | theses | |
| dc.identifier | doi:10.13016/m2dlkk-36q4 | |
| dc.identifier.other | 11783 | |
| dc.identifier.uri | http://hdl.handle.net/11603/15522 | |
| dc.language | en | |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Theses and Dissertations Collection | |
| dc.relation.ispartof | UMBC Graduate School Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu | |
| dc.source | Original File Name: Patil_umbc_0434M_11783.pdf | |
| dc.subject | Adversarial Examples | |
| dc.subject | Convolution Neural Networks | |
| dc.subject | Image Classification | |
| dc.subject | Object Detection | |
| dc.title | Universal Adversarial Patches | |
| dc.type | Text | |
| dcterms.accessRights | Distribution Rights granted to UMBC by the author. |