Abstract:
Deep neural networks (DNNs) have shown impressive performance on a diverse set of
visual tasks, when deployed in real-world environments. The study reveals that even
state-of-the-art neural networks are susceptible to adversarial attacks, which can com promise their performance and accuracy. It is important to explore the vulnerability of
deep neural networks to these attacks. These attacks are small well-constructed pertur bations to alter the prediction of Deep neural networks and are mostly constructed in
the spatial or pixel domain. To assess the robustness of these networks, we propose a
transformed-based steganography technique to fool deep neural networks on images. Our
approach involves embedding a secret image in a natural image to create an adversarial
example. It involves two stages; first, we select effective secret images by segregating a
large-scale dataset (ImageNet) into different edge regimes. In the second stage, we pro pose the use of two techniques, Discrete Cosine Transform (DCT) and discrete wavelet
transform (DWT) as steganography techniques to fool the neural networks. Moreover,
we have also combined DWT with PCA and analyzed the results. This technique is
ideally used for black-box setting that requires no information about the target model.
Unlike other gradient-based attacks, the computed perturbation is computationally ef ficient as it is a non-iterative technique. The findings demonstrate that by embedding
adversarial perturbations within DWT and PCA coefficients, the neural networks can
be fooled into misclassifying input data. We have showed successful fooling rates using
four different State-of-the-Art Models. Overall, this thesis contributes to the ongoing
research on adversarial attacks and offers insights into improving the robustness of deep
neural networks.
