This project is an instructional notebook for adversarial machine learning using the GTSRB dataset.
The tasks in this notebook have been adapted from an assignment in the CS 504: Adversarial Machine Learning course offered at the University of Idaho.
The GTSRB dataset consists of:
- 50,000 images
- Only one sign per image.
- 40 different classes.
- Image sizes vary from 15x15 to 250x250 pixels (the dataset I provide in this repo has been scaled to 32x32).
The raw dataset can be found at the GTSRB benchmark site. I provide a pickled version of this dataset in the GTSRB folder.
In this notebook we will learn how to do 4 tasks with TensorFlow/Keras:
- Train a deep learning model using transfer learning on the German Traffic Sign Recognition (GTSRB) dataset.
- Implement 4 different white-box evasion attacks against the model we trained, comparing their performance at different perturbation (ε) values.
- Implement a targeted white-box evasion attack using one of the attacks we have already implemented.
- Implement an adversarial trainer defense for your model.
These attacks and defenses are implemented using the Adversarial Robustness Toolbox.
The attacks used are:
- Fast Gradient Sign Method (FGSM): Documentation
- Projected Gradient Descent (PGD): Documentation
- DeepFool (DF): Documentation
- NewtonFool (NF): Documentation
Each of these tasks is split into its own section with a detailed description of the methods used to implement it. The goal of this notebook is to give you a beginner's guide to the techniques used in the adversarial machine learning field. You should be able to use what you've learned here to implement other attacks or defenses. Much of the machine learning field is rooted in research, and most new machine learning and adversarial techniques are first published as papers. I highly suggest you go to the arXiv website and check out the papers there. They are free to access and provide a great resource for those interested in the field.
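The four tasks and the attack list above, reduced to a toy you can run without TensorFlow or ART. This is an added example, not code from the notebook or from the Adversarial Robustness Toolbox: a 2-feature, 3-class linear softmax model trained from scratch stands in for the transfer-learned CNN, and three constructed Gaussian blobs in [0,1]^2 stand in for the GTSRB images, so there is no transfer learning and no DeepFool or NewtonFool here. The budget `EPS`, the blob centres, the training schedule and every function name are this example's own assumptions. It implements FGSM and PGD with an ε sweep (task 2), a targeted FGSM variant (task 3) and FGSM adversarial training (task 4), and reports clean versus robust accuracy for a standard and an adversarially trained model.

```python
# Added example, not code from the notebook or from ART: a 2-feature, 3-class
# linear-softmax classifier stands in for the GTSRB CNN and three constructed
# Gaussian blobs in [0,1]^2 stand in for 32x32 sign images. The attack maths
# is unchanged; only the input gradient is simpler for a linear model.
import math
import random

D, K = 2, 3                                      # input features, classes
CENTERS = [(0.1, 0.1), (0.9, 0.1), (0.5, 0.9)]   # constructed class means
EPS = 0.35                                       # assumed L-inf budget

def make_dataset(n_per_class=50, noise=0.02, seed=0):
    """Constructed data: a Gaussian blob per class, clipped to [0,1], 75/25 split."""
    rng = random.Random(seed)
    data = [([min(1.0, max(0.0, c + rng.gauss(0, noise))) for c in centre], label)
            for label, centre in enumerate(CENTERS) for _ in range(n_per_class)]
    rng.shuffle(data)
    split = int(0.75 * len(data))
    return data[:split], data[split:]

def probs(model, x):
    """Softmax class probabilities of the linear model (W, b) on input x."""
    W, b = model
    z = [sum(W[k][j] * x[j] for j in range(D)) + b[k] for k in range(K)]
    e = [math.exp(v - max(z)) for v in z]
    return [v / sum(e) for v in e]

def predict(model, x):
    return max(range(K), key=probs(model, x).__getitem__)

def input_gradient(model, x, y):
    """d(cross-entropy)/dx for a linear-softmax model: sum_k (p_k - [k == y]) W_k."""
    W, _ = model
    p = probs(model, x)
    return [sum((p[k] - (k == y)) * W[k][j] for k in range(K)) for j in range(D)]

def clip01(x):
    return [min(1.0, max(0.0, v)) for v in x]   # keep the "pixels" valid

def fgsm(model, x, y, eps, targeted=False):
    """One-step FGSM. Untargeted: x + eps*sign(grad of loss for true label y).
    Targeted: y is the wanted label and the step goes *down* its loss instead."""
    g = input_gradient(model, x, y)
    step = -eps if targeted else eps
    return clip01([xj + step * ((gj > 0) - (gj < 0)) for xj, gj in zip(x, g)])

def pgd(model, x, y, eps, steps=10):
    """Iterated FGSM (step eps/4) projected back onto the L-inf ball around x."""
    x_adv = list(x)
    for _ in range(steps):
        x_adv = fgsm(model, x_adv, y, eps / 4)
        x_adv = clip01([min(xj + eps, max(xj - eps, aj)) for xj, aj in zip(x, x_adv)])
    return x_adv

def train(data, epochs=400, lr=1.0, adv_eps=None):
    """Full-batch GD on cross-entropy; with adv_eps, every example is replaced by
    its FGSM version against the current weights (adversarial training)."""
    W, b = [[0.0] * D for _ in range(K)], [0.0] * K
    for _ in range(epochs):
        gW, gb = [[0.0] * D for _ in range(K)], [0.0] * K
        for x, y in data:
            if adv_eps:
                x = fgsm((W, b), x, y, adv_eps)
            p = probs((W, b), x)
            for k in range(K):
                err = p[k] - (k == y)
                gb[k] += err
                for j in range(D):
                    gW[k][j] += err * x[j]
        for k in range(K):
            b[k] -= lr * gb[k] / len(data)
            for j in range(D):
                W[k][j] -= lr * gW[k][j] / len(data)
    return W, b

def accuracy(model, data, attack=None):
    """Accuracy on clean inputs, or on attack(model, x, y) outputs when given."""
    return sum(predict(model, attack(model, x, y) if attack else x) == y
               for x, y in data) / len(data)

def epsilon_sweep(model, data, eps_values):
    """Task 2: robust accuracy of FGSM and PGD at several perturbation budgets."""
    return {eps: {"fgsm": accuracy(model, data, lambda m, x, y: fgsm(m, x, y, eps)),
                  "pgd": accuracy(model, data, lambda m, x, y: pgd(m, x, y, eps))}
            for eps in eps_values}

def targeted_success(model, data, source, target, eps):
    """Task 3: fraction of `source`-class inputs the model now labels `target`."""
    xs = [x for x, y in data if y == source]
    return sum(predict(model, fgsm(model, x, target, eps, targeted=True)) == target
               for x in xs) / len(xs)

def run_demo(seed=0):
    train_set, test_set = make_dataset(seed=seed)
    standard, robust = train(train_set), train(train_set, adv_eps=EPS)
    attack = lambda m, x, y: fgsm(m, x, y, EPS)
    return {"clean_standard": accuracy(standard, test_set),
            "sweep_standard": epsilon_sweep(standard, test_set, [0.0, 0.1, 0.2, EPS]),
            "targeted_0_to_2": targeted_success(standard, test_set, 0, 2, eps=0.5),
            "clean_robust": accuracy(robust, test_set),
            "fgsm_standard": accuracy(standard, test_set, attack),
            "fgsm_robust": accuracy(robust, test_set, attack)}
```

Call `run_demo()` and compare `fgsm_standard` with `fgsm_robust`: the standard model loses accuracy at ε = 0.35 while the model trained on its own FGSM examples should keep more of it, which is the same before/after comparison the notebook's defense task makes. For a Keras model the only piece that changes is `input_gradient`, where the gradient of the loss with respect to the input comes from automatic differentiation instead of the closed form used here; the sign step, the projection in `pgd` and the training loop are the same.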
This notebook relies on several packages to function.
Please install the following. Note: please check the revision date on each of the links, as they may be out of date.
- TensorFlow 2.0 Link
- NumPy Link
- Matplotlib Link
- Pandas Link
- h5py Link
- Adversarial Robustness Toolbox Link
The dataset files are currently compressed with 7zip. Please uncompress the archives to their .P file format before use.
You are free to use the code as you please.