Description: |
In recent years, Deep Neural Networks have undergone significant improvements and further development. Computer vision in particular has benefited from the latest progress. Furthermore, the emergence of transfer learning has simplified model development considerably. The mainstream is experiencing a proliferation of applications utilizing this technology. This stellar period for neural networks has its downside, too. Adversarial attacks appear to exploit a universal vulnerability present in most Deep Neural Network domains. This aspect has been extensively researched lately, particularly in the field of image classification. Yet, there are no concrete guidelines or tools that enable inexperienced developers to estimate the robustness of their models. Therefore, this thesis aims to identify meaningful metrics that indicate a classifier's ability to resist adversarial images. Furthermore, it investigates which form of visual representation can provide users with additional knowledge regarding model performance. As a result of the prototype implementation, four specific metrics are generated that enable the measurement of robustness from multiple perspectives. A bar chart containing model predictions aggregated per class offers users in-depth knowledge of the classifier’s behaviour. Following an extensive evaluation, significant insights could be gained concerning robustness and its deterioration when confronted with adversarial examples. In terms of transfer learning, it was found that large-scale datasets, normally used for pre-training, have a significant impact on model robustness. The network architecture likewise influences the resilience of a classifier. The results imply that adversarial transferability depends on the aforementioned findings and a model’s initial robustness. It can be concluded that the implemented prototype is an effective tool for the development of safe image classifiers and should be refined in the future.
submitted by: Lejla Sarcevic, Master's thesis, FH JOANNEUM, 2022 |