Understanding DeepFool Adversarial Attack and Defense with Skater Interpretations
Dhivyashri Ramesh, Ishwarya Sriram, Kavya Sridhar, Snofy D. Dunston, M. V
2023 International Conference on Wireless Communications Signal Processing and Networking (WiSPNET)
DOI: 10.1109/WiSPNET57748.2023.10134485 (https://doi.org/10.1109/WiSPNET57748.2023.10134485)
Published: 2023-03-29
Citation count: 0
Abstract
With the incorporation of artificial intelligence in businesses, particularly computer vision features, it has become increasingly important to ensure the robustness of the models being used. A popular technique used to exploit machine learning models is the adversarial attack. Adversarial attacks mislead a predictive model by providing it with perturbed input; in computer vision, this means adding perturbations to an image to deceive the model. One such attack is the DeepFool attack, which aims to find the minimal perturbation of an image that deceives the model. These attacks can also affect the way in which model interpretations are made. In this paper, we analyze the DeepFool attack and its countermeasures on a ResNet-50 model trained on the NIH malaria dataset. To assess the effectiveness of the attack and of subsequent adversarial training, we use accuracy and loss. The nature and impact of the attack and of adversarial training are analysed using Skater, a model interpretation framework. The variations in the interpretations when adversarial attacks are in place are also analysed.