ImageNet Attacks and Defenses Against
The attack_defence_imagenet_v2 notebook was copied and extended from the original version attack_defence_imagenet provided by Adversarial Robustness Toolbox (ART.) ART is a Python library for Machine Learning Security. ART is hosted by the Linux Foundation AI & Data Foundation (LF AI & Data). ART provides tools that enable developers and researchers to defend and evaluate Machine Learning models and applications against the adversarial threats of Evasion, Poisoning, Extraction, and Inference. ART supports all popular machine learning frameworks (TensorFlow, Keras, PyTorch, MXNet, scikit-learn, XGBoost, LightGBM, CatBoost, GPy, etc.), all data types (images, tables, audio, video, etc.) and machine learning tasks (classification, object detection, speech recognition, generation, certification, etc.).
This material is partially based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0013. Any opinions, findings and conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA).
For this assignment, you will have to submit multiple Jupyter notebook files (“.ipynb”) as well as a write-up for a number of the questions. You can choose to embed all of the text answers in the Jupyter notebook itself (as text) and then select Google Colab-> File->Print->Destination->Save as PDF and submit the PDF file. Make sure that you clearly indicate in your text which question number/section you are answering.
Refer to all readings in assignment 2A, as needed.
Question Points Notes
1. Modify attack_defence_imagenet_v2.ipynb to use gazelle.jpg instead of unicycle.jpg and make sure the entire notebook runs as expected with the new image. 26
2. In the “Apply Defenses:” section, the SpatialSmoothing(window_size=3) defense defaults to a window size of 3. Rerun with values 3 to 10 (you can use a loop) and create a table for each window size of the prediction class and prediction confidence of the original and adversarial examples. Summarize your findings in up to 1 page. 42
3. In the last section of the notebook, “to see if we can defend against the whitebox attack to defeat defences" vary the Jpeg compression from 20 to 90 (in increments of 5) and the GaussianNoise scale from 0.05 to 1.5 in increments of 0.10 and create two tables showing the prediction class and prediction confidence of the original and adversarial examples. Summarize your findings in up to one page. 42
4. After the “Apply Defenses:” section, add another similar one, but use art.defences.preprocessor.FeatureSqueezing instead of SpatialSmoothing and compare to the results you obtained with SpatialSmoothing in one page or less. Run with bit_depth 1,2,3, and 4 and clip_values = (0, 255) and explain what is happening.
Hint:
from art.defences.preprocessor import FeatureSqueezing
fs = FeatureSqueezing( bit_depth = 2,clip_values = (0, 255))
# Apply the defense to the original input #and to the adversarial sample, #respectively:
x_art_def, _ = fs(x_art)
x_art_adv_def, _ = fs(x_art_adv) 42
5. Repeat questions 1 through 3 with beagle.jpg and compare your findings to the ones with gazelle.jpg in one page. 18
Total: 170
CS 340 Milestone One Guidelines and Rubric Overview: For this assignment, you will implement the fundamental operations of create, read, update,
Retail Transaction Programming Project Project Requirements: Develop a program to emulate a purchase transaction at a retail store. This
7COM1028 Secure Systems Programming Referral Coursework: Secure
Create a GUI program that:Accepts the following from a user:Item NameItem QuantityItem PriceAllows the user to create a file to store the sales receip
CS 340 Final Project Guidelines and Rubric Overview The final project will encompass developing a web service using a software stack and impleme
