Project ID 05:
Project Title: Evaluation of Adversarial Training Methods on Image-Based Machine Learning Setups
Vidit Chokshi, Final Year BTech (CS)
Manthansingh Bisht, Final Year BTech (CS)
Vineeth Nair, Final Year BTech (CS)
Abheek Ranjan Das, Final Year BTech (IT)
Security is a mandatory feature in the field of computer vision. Adversarial attacks are among the best-known techniques for breaching that security: they attempt to fool AI models with maliciously crafted input. For our project, we took the case of chest X-rays, since medical data is extremely fragile and even minute tampering can lead to unforeseen and disastrous effects. Especially with the increase in data breaches involving medical data, it has become essential to add new types of security measures that make the models robust. In this project, various adversarial attack strategies are first used to introduce noise into the images of the input dataset. These modified images are generally indistinguishable from the originals to the human eye, but can easily mislead the model into a completely wrong prediction; the goal is to deceive an already trained model. The defensive strategies help to make the model robust by identifying the attacks and avoiding misleading predictions. We implemented three different types of defense strategies against poisoning attacks to check the robustness improvement in the model.
Figure 1: Adversarial machine learning project pipeline
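The abstract describes the two halves of the pipeline, attack images that look unchanged yet flip the prediction, and a defense that trains the model to withstand them, without showing what "robustness improvement" looks like in numbers. The following is an added example, not code from the project, that measures it on a toy linear classifier: it constructs a dataset with one genuinely informative "robust" feature and many weakly informative features that a small L-infinity perturbation can flip, trains one model normally and one with adversarial training (each step trains on perturbations generated against the current parameters), and reports clean versus perturbed accuracy for both. The perturbation method (gradient-sign, white-box), the budget `EPS`, the feature counts and the learning rate are all assumptions chosen for illustration; the project's own chest X-ray models, attacks and defenses are not reproduced here.

```python
"""Added example (not the project's own code): evaluating adversarial training
against white-box gradient-sign perturbations on a logistic-regression model.

Constructed data: one "robust" feature that agrees with the label 90% of the
time, plus D_NONROBUST weakly correlated features that are individually easy
to flip within the L-inf budget EPS. All constants are assumptions.
"""
import numpy as np

EPS = 0.5          # L-inf perturbation budget (assumed)
D_NONROBUST = 50   # number of weak, easily flipped features (assumed)
ETA = 0.3          # class-mean offset of each weak feature (assumed)


def make_data(n, rng):
    """Constructed sample: labels y in {0,1}; s = 2y-1 is the signed label."""
    y = rng.integers(0, 2, size=n)
    s = 2 * y - 1
    # Robust feature: equals s with probability 0.9, flipped otherwise.
    flip = rng.random(n) < 0.1
    x_robust = np.where(flip, -s, s).astype(float)
    # Weak features: N(ETA * s, 1) each; predictive only in aggregate.
    x_weak = rng.normal(0.0, 1.0, size=(n, D_NONROBUST)) + ETA * s[:, None]
    return np.column_stack([x_robust, x_weak]), y


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def perturb(X, y, w, b, eps):
    """Gradient-sign perturbation: move each input by eps in the direction that
    increases the loss. For logistic regression, dL/dx = (p - y) * w."""
    p = sigmoid(X @ w + b)
    grad_x = (p - y)[:, None] * w[None, :]
    return X + eps * np.sign(grad_x)


def train(X, y, adversarial, epochs=200, lr=0.1, eps=EPS):
    """Full-batch gradient descent on binary cross-entropy. When adversarial
    is True, each step fits the perturbed inputs generated against the
    current parameters (adversarial training)."""
    w = np.zeros(X.shape[1])
    b = 0.0
    for _ in range(epochs):
        X_step = perturb(X, y, w, b, eps) if adversarial else X
        err = sigmoid(X_step @ w + b) - y
        w -= lr * (X_step.T @ err) / len(y)
        b -= lr * err.mean()
    return w, b


def accuracy(X, y, w, b):
    return float(np.mean((X @ w + b > 0) == (y == 1)))


def evaluate(seed=0, n_train=2000, n_test=2000):
    """Clean and perturbed test accuracy for a standard and an adversarially
    trained model, plus the share of weight each puts on the robust feature."""
    rng = np.random.default_rng(seed)
    X_tr, y_tr = make_data(n_train, rng)
    X_te, y_te = make_data(n_test, rng)
    results = {}
    for name, adv in (("standard", False), ("adv_trained", True)):
        w, b = train(X_tr, y_tr, adversarial=adv)
        X_te_adv = perturb(X_te, y_te, w, b, EPS)
        results[name] = {
            "clean": accuracy(X_te, y_te, w, b),
            "perturbed": accuracy(X_te_adv, y_te, w, b),
            "robust_feature_weight_share": float(abs(w[0]) / np.abs(w).sum()),
        }
    return results


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name:12s} clean={r['clean']:.3f} perturbed={r['perturbed']:.3f} "
              f"weight_on_robust_feature={r['robust_feature_weight_share']:.2f}")
```

The standard model scores near-perfectly on clean data but collapses under perturbation because it leans on the many weak features; the adversarially trained model gives up a little clean accuracy, shifts most of its weight onto the robust feature, and keeps most of its accuracy under the same perturbation. That clean-versus-perturbed comparison is the check a project like this needs to report for each defense it evaluates.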
Symbiosis Centre for Research and Innovation (SCRI), established in 2009, is the dedicated department of Symbiosis International (Deemed University) for promoting and facilitating research among students and faculty. Through its academic and administrative services, SCRI enables researchers to achieve excellence in their work and, in doing so, translates SIU's vision of creating knowledge for the benefit of society into reality.