Update README.md
Browse files
README.md
CHANGED
|
@@ -1,3 +1,107 @@
|
|
| 1 |
---
|
| 2 |
license: gpl-3.0
|
| 3 |
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
---
|
| 2 |
license: gpl-3.0
|
| 3 |
---
|
| 4 |
+
## Adversarial Examples for improving the robustness of Eye-State Classification π π :
|
| 5 |
+
|
| 6 |
+
### First Aim:
|
| 7 |
+
Project aims to improve the robustness of the model by adding the adversarial examples to the training dataset.
|
| 8 |
+
We investigated that the robustness of the models on the clean test data are always better than the attacks even though added the pertubated data to the training data.
|
| 9 |
+
### Second Aim:
|
| 10 |
+
|
| 11 |
+
Using adversarial examples, the project aims to improve the robustness and accuracy of a machine learning model which detects the eye-states against small perturbation of an image and to solve the misclassification problem caused by natural transformation.
|
| 12 |
+
### Methodologies
|
| 13 |
+
|
| 14 |
+
* Develop Wide Residual Network and Parseval Network.
|
| 15 |
+
* Train Neural Networks using training dataset.
|
| 16 |
+
* Construct the AEs using FGSM and Random Noise.
|
| 17 |
+
#### The approach for the first aim.
|
| 18 |
+
===================================================================
|
| 19 |
+
* Train Neural Networks by adding Adversarial Examples (AEs) to the training dataset.
|
| 20 |
+
* Evaluate the models on the original test dataset.
|
| 21 |
+
|
| 22 |
+
#### The approach for the second aim.
|
| 23 |
+
===================================================================
|
| 24 |
+
* Train Neural Networks using Adversarial Training with AEs.
|
| 25 |
+
* Attack the new model with different perturbated test dataset.
|
| 26 |
+
|
| 27 |
+
### Neural Network Models
|
| 28 |
+
|
| 29 |
+
#### Wide Residual Network
|
| 30 |
+
|
| 31 |
+
* Baseline of the Model
|
| 32 |
+
|
| 33 |
+
#### Parseval Network
|
| 34 |
+
|
| 35 |
+
* [Orthogonality Constraint in Convolutional Layers](/src/models/Parseval_Networks/constraint.py)
|
| 36 |
+
* [Convexity Constraint in Aggregation Layers](/src/models/Parseval_Networks/convexity_constraint.py)
|
| 37 |
+
|
| 38 |
+
#### Convolutional Neural Network
|
| 39 |
+
|
| 40 |
+
#### Adversarial Examples
|
| 41 |
+
|
| 42 |
+
##### Fast Gradient Sign Method
|
| 43 |
+
[Examples](src/visualization/Adversarial_Images.ipynb)
|
| 44 |
+
|
| 45 |
+
### Evaluation
|
| 46 |
+
|
| 47 |
+
* To evaluate the result of the neural network, Signal to Noise Ratio (SNR) is used as metric.
|
| 48 |
+
* Use transferability of AEs to evaluate the models.
|
| 49 |
+
|
| 50 |
+
## Development
|
| 51 |
+
|
| 52 |
+
#### Models:
|
| 53 |
+
|
| 54 |
+
``` bash
|
| 55 |
+
|
| 56 |
+
adversarial_examples_parseval_net/src/models
|
| 57 |
+
βββ FullyConectedModels
|
| 58 |
+
βΒ Β βββ model.py
|
| 59 |
+
βΒ Β βββ parseval.py
|
| 60 |
+
βββ Parseval_Networks
|
| 61 |
+
βΒ Β βββ constraint.py
|
| 62 |
+
βΒ Β βββ convexity_constraint.py
|
| 63 |
+
βΒ Β βββ parsevalnet.py
|
| 64 |
+
βββ _utility.py
|
| 65 |
+
βββ wideresnet
|
| 66 |
+
βββ wresnet.py
|
| 67 |
+
|
| 68 |
+
|
| 69 |
+
```
|
| 70 |
+
|
| 71 |
+
### Final Results:
|
| 72 |
+
|
| 73 |
+
* [The results of the first approach with FGSM](logs/AEModels/)
|
| 74 |
+
* [The results of the first approach with Random Noise](logs/RandomNoisemodels/)
|
| 75 |
+
* [The results of the second approach](logs/images)
|
| 76 |
+
|
| 77 |
+
|
| 78 |
+
References
|
| 79 |
+
============
|
| 80 |
+
[1] Cisse, Bojanowski, Grave, Dauphin and Usunier, Parseval Networks: Improving Robustness to Adversarial Examples, 2017.
|
| 81 |
+
|
| 82 |
+
[2] Zagoruyko and Komodakis, Wide Residual Networks, 2016.
|
| 83 |
+
|
| 84 |
+
```
|
| 85 |
+
|
| 86 |
+
@misc{ParsevalNetworks,
|
| 87 |
+
author= "Moustapha Cisse, Piotr Bojanowski, Edouard Grave, Yann Dauphin, Nicolas Usunier"
|
| 88 |
+
title="Parseval Networks: Improving Robustness to Adversarial Examples"
|
| 89 |
+
year= "2017"
|
| 90 |
+
}
|
| 91 |
+
```
|
| 92 |
+
|
| 93 |
+
```
|
| 94 |
+
|
| 95 |
+
@misc{Wide Residual Networks
|
| 96 |
+
author= "Sergey Zagoruyko, Nikos Komodakis"
|
| 97 |
+
title= "Wide Residual Networks"
|
| 98 |
+
year= "2016"
|
| 99 |
+
}
|
| 100 |
+
```
|
| 101 |
+
|
| 102 |
+
### Author
|
| 103 |
+
|
| 104 |
+
Sefika Efeoglu
|
| 105 |
+
|
| 106 |
+
Research Project, Data Science MSc, University of Potsdam
|
| 107 |
+
|