Fast Gradient Sign Adversarial Attack(FGSM) examples creation using FashionMnist dataset.
inspiration: https://pytorch.org/tutorials/beginner/fgsm_tutorial.html
General goal: Add the least amount of pertubations to the input that causes desired misclassification.
Assumptions on attacker's knowledge:
- White-Box: Attacker has full knowledge and access to the model, architecture, inputs, outputs and weights.
- Black-Box: Attacher has knowledge only about the inputs and outputs of the model and no information about the underlynig model architecture or weights.
Goals:
- misclassification: Attacker only wants the output classification to be wrong and does not care about what the new classification is.
- Source/Target misclassification: pertubations to the input that belongs to a specific source class so that it is classified as a specific target class.
FGSM : White-box attack with the goal of misclassification.
Fast Gradient Sign Attack: Use gradient of the loss w.r.t input data, then adjust the inputs to maximize the loss
In this repo we implement FGSM on the FashionMNIST dataset