Project paper : project

Deep neural networks have achieved amazing results in several tasks. However, recent works have shown how these models are vulnerable to adversarial examples, which pose questions about their safety in critical applications. In this paper we want to show which are the basic techniques used to generate adversarial data and the methods to handle them. Then we are going to test empirically how these defenses approach work on a sort of real application like Traffic Signs Classification. Our main goal consists in drawing the picture of the methods regarding model defenses through adversarial training, with a comparison between FGSM, FastFGSM and TRADES showing which one makes the model more robust to PGD attacks. Furthermore, we include in this analysis a new recent approach of adversarial training using contrastive learning, in which a pre-training step has shown to increase neural networks’ robustness.