MSc Thesis Proposal by Chris Khalil: "Neural Networks Robustness Against Adversarial Attacks Using Discretization"

Tuesday, September 14, 2021 - 09:00 to 10:30


The School of Computer Science is pleased to present… 

MSc Thesis Proposal by: Chris Khalil 

Date: Tuesday, September 14, 2021
Time: 09:00 am to 10:30 am
Passcode:   If interested in attending this event, contact the Graduate Secretary days in advance of the event at


In this research, we discuss a weakness of machine learning algorithms, in particular their vulnerability to adversarial attacks. An adversarial attack is a cyber-attack in the form of a modified input to a machine learning algorithm, carefully computed so that the algorithm misclassifies it. In many adversarial attacks, the modified input is indistinguishable from the original input to a human observer. We also suggest a defense based on Two Precision input discretization. We show that models with Two Precision input discretization consistently have higher accuracy on adversarial examples, without decreasing generalization. State-of-the-art accuracy under the strongest known white-box attack was increased from 93.20% to 94.30% on MNIST and from 50.00% to 79.16% on CIFAR-10.
Keywords: CNN, adversarial attack, discretization, linearity 

MSc Thesis Committee:  

Internal Reader: Dr. Sherif Saad
External Reader: Dr. Mohammad Hassanzadeh    
Advisor: Dr. Alioune Ngom  



5113 Lambton Tower 401 Sunset Ave. Windsor ON, N9B 3P4 (519) 253-3000 Ext. 3716 (working remotely)