DeepFool Original Paper: HERE
FGSM Original Paper: HERE
We did the replication experiment on a two-layer fully connected neural network on the MNIST dataset. Our experiments include:
-
Implemented the experimental neural network, the robustness function and the visual demonstration codes. [Section2, Section3, Section 4]
-
Generated adversarial samples using DeepFool as the experimental group and FGSM as the control group. Adversarial samples on the MNIST dataset are shown in the colab file. [Section 3]
-
Attacked the neural network using DeepFool and FGSM correspondingly and did quantitative analysis on the results (accuracy and speed). [Section 4]
-
Fine-tuned the model using adversarial samples generated by DeepFool and FGSM. Evaluated the fine-tuned models. [Section 5]
-
Reproduced the over-perturbed experiment in the fine-tuning process. [Section 5]