Using Classical tools to counter Adversarial Attacks on Deep learning networks

Abstract

Major success has been achieved by deep learning in various domains e.g. medical imaging, self-driving cars, face recognition, industrial automation and a lot more. But, discovery of adversarial examples has highlighted severe concerns and alarms about the deployment of deep learning systems in real world. The goal of this study is to explore generation of text based adversarial examples and the behavior of deep model based OCR and object detector (Faster FRCNN) against these adversaries. The vulnerabilities of deep detection and recognition model has been successfully captured against black-box and white-box adversaries. This study explores the transferability of adversarial attacks among a deep classifier and a deep detector. The evaluation of the adversarial examples is conducted in two phases. Firstly, the perturbed image is being passed to to a deep OCR for text recognition. Secondly, the same adversarial examples are passed to a object detector to detect and recognize text. Results shows that perturbed image has successfully fooled an OCR but failed against an object detector. This idea supports the fact that transferability of adversarial attack between a deep model and object detector is to be explored.