MSc Thesis Proposal by Chris Khalil: "Neural Networks Robustness Against Adversarial Attacks Using Discretization"

Tuesday, September 14, 2021 - 09:00 to 10:30

SCHOOL OF COMPUTER SCIENCE 

The School of Computer Science is pleased to present… 

MSc Thesis Proposal by: Chris Khalil 

 
Date: Tuesday, September 14, 2021
Time: 9:00 a.m. to 10:30 a.m.
Passcode: if you are interested in attending this event, contact the Graduate Secretary days in advance of the event at csgradinfo@uwindsor.ca
 

Abstract:  

In this research we discuss the weakness of machine learning algorithms, in particular their vulnerability to adversarial attacks. An adversarial attack is an attack in which an input to a machine learning model is carefully modified so that the model misclassifies it. In many cases the modified input is indistinguishable from the original to a human observer. We also propose a defense based on Two Precision input discretization. We show that models with Two Precision input discretization consistently achieve higher accuracy on adversarial examples, without reducing generalization. Under the strongest known white-box attack, state-of-the-art accuracy was increased from 93.20% to 94.30% on MNIST and from 50.00% to 79.16% on CIFAR-10.
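As an added illustration (not part of the proposal or the candidate's work), the following pure-Python example shows the general mechanism behind input-discretization defenses: a quantizer that snaps pixel intensities to a coarse grid absorbs any L-infinity perturbation smaller than the distance from each pixel to its nearest quantization boundary, and fails exactly for pixels that sit near a boundary. The quantizer here is plain uniform quantization with a configurable number of levels; the proposal's Two Precision scheme is not described on this page and is not implemented. The pixel vectors and the perturbation direction are constructed for the example.

```python
"""Added example: uniform input discretization as a defense against small
L-infinity perturbations. Generic quantization only; NOT the thesis's
"Two Precision" method. All inputs below are constructed."""

from typing import List


def discretize(x: List[float], levels: int) -> List[float]:
    """Snap each intensity in [0, 1] to the nearest of `levels` equally spaced
    values (levels=2 gives {0, 1}; levels=4 gives {0, 1/3, 2/3, 1})."""
    if levels < 2:
        raise ValueError("need at least two quantization levels")
    step = 1.0 / (levels - 1)
    out = []
    for v in x:
        v = min(1.0, max(0.0, v))          # clip to the valid pixel range
        out.append(round(v / step) * step)  # nearest grid point
    return out


def linf_perturb(x: List[float], eps: float, sign: List[int]) -> List[float]:
    """Constructed FGSM-style perturbation: move every pixel by eps in the
    attacker-chosen direction (+1 / -1), clipped back to [0, 1]."""
    return [min(1.0, max(0.0, v + eps * s)) for v, s in zip(x, sign)]


def margin(x: List[float], levels: int) -> float:
    """Smallest distance from any pixel to a quantization boundary. Any
    L-inf perturbation with eps < margin is absorbed by `discretize`."""
    step = 1.0 / (levels - 1)
    best = float("inf")
    for v in x:
        frac = (v / step) % 1.0             # position inside its bin, [0, 1)
        best = min(best, abs(frac - 0.5) * step)
    return best


def survives(x_clean: List[float], x_adv: List[float], levels: int) -> bool:
    """True iff discretization maps clean and adversarial input to the same
    point, i.e. the model downstream sees an identical input."""
    return discretize(x_clean, levels) == discretize(x_adv, levels)


if __name__ == "__main__":
    # Constructed 4-pixel "image" and an attacker moving each pixel by 0.05.
    clean = [0.1, 0.9, 0.4, 0.2]
    sign = [+1, -1, +1, -1]
    adv = linf_perturb(clean, 0.05, sign)
    print("margin:", margin(clean, 2), "absorbed:", survives(clean, adv, 2))

    # Pixel near the 0.5 boundary: same eps, quantization flips it.
    edge = [0.48]
    edge_adv = linf_perturb(edge, 0.05, [+1])
    print("margin:", margin(edge, 2), "absorbed:", survives(edge, edge_adv, 2))
```

The `margin` function makes the guarantee explicit: robustness holds only for perturbations smaller than the distance to the nearest bin edge, so an attacker who knows the quantizer can concentrate on boundary pixels. That is why the accuracy figures in the abstract are reported under a white-box attack rather than against perturbations chosen blind to the defense.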
 
Keywords: CNN, adversarial attack, discretization, linearity 
 
 

MSc Thesis Committee:  

Internal Reader: Dr. Sherif Saad
External Reader: Dr. Mohammad Hassanzadeh
Advisor: Dr. Alioune Ngom
 
 

MSc Thesis Proposal Announcement. Vector Institute in Artificial Intelligence approved topic.

 

5113 Lambton Tower, 401 Sunset Ave., Windsor, ON N9B 3P4. (519) 253-3000 ext. 3716. csgradinfo@uwindsor.ca (working remotely)