| dc.contributor.advisor | Crick, Christopher | |
| dc.contributor.author | Huynh, Hai | |
| dc.date.accessioned | 2020-09-09T21:48:17Z | |
| dc.date.available | 2020-09-09T21:48:17Z | |
| dc.date.issued | 2020-05 | |
| dc.identifier.uri | https://hdl.handle.net/11244/325546 | |
| dc.description.abstract | Deep neural networks have been widely applied in various fields of many industries such as medical, security, and self-driving cars. They even surpass human performance in image recognition tasks; however, they have a worrying property. Neural networks are vulnerable to extremely small and human-imperceptible perturbations in images that lead them to provide wrong results with high confidence. Moreover, adversarial images that fool one model can fool another even with different architecture as well. Many studies suggested that a reason for this transferability of adversarial samples is the similar features that different neural networks learn; however, this is just an assumption and remains a gap in our knowledge of adversarial attacks. Our research attempted to validate this assumption and provide better insight into the field of adversarial attacks. We hypothesize that if a neural network representation in one model is highly correlated to the neural network representations of other models, an attack on that network representation would yield better transferability. We tested this hypothesis through experiments with different network architectures as well as datasets. The results were sometimes consistent and sometimes inconsistent with the hypothesis. | |
| dc.format | application/pdf | |
| dc.language | en_US | |
| dc.rights | Copyright is held by the author who has granted the Oklahoma State University Library the non-exclusive right to share this material in its institutional repository. Contact Digital Library Services at lib-dls@okstate.edu or 405-744-9161 for the permission policy on the use, reproduction or distribution of this material. | |
| dc.title | Investigate the effect of neural network representations on the transferability of adversarial attacks | |
| dc.contributor.committeeMember | Mayfield, Blayne | |
| dc.contributor.committeeMember | Thomas, Johnson | |
| osu.filename | Huynh_okstate_0664M_16756.pdf | |
| osu.accesstype | Open Access | |
| dc.type.genre | Thesis | |
| dc.type.material | Text | |
| dc.subject.keywords | adversarial attack | |
| dc.subject.keywords | black-box attack | |
| dc.subject.keywords | transferability | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | Oklahoma State University | |
