In this assignment, we are creating a image patch used in adversarial attack. The patch is a physical object that may appear abstractive to human perception but it can profoundly affect the image recognition algorithms. This assignment is inspired by the work and study conducted by Tom Brown et al.
We will be using a pretrained neural network model, ResNet34, which consists of a common CNN architecture trained on the ImageNet dataset. Using the following code we can load the model from PyTorch package,
torchvision.models.resnet34(weights='IMAGENET1K_V1')
We will then select one class from imagenet_classes.txt which includes labels of image objects that were trained by ResNet34 model. To conduct adversarial attacks, we require a dataset to work with. Since the CNN model has been trained on ImageNet, it is appropriate to carry out the attacks using data from the same dataset. For this purpose, we offer a small subset of pre-processed images from the original ImageNet dataset (this dataset is provided under the same license as the original). This assignment reference many work conducted by Tom Brown et al and their tutorial.
The work is split into 4 sections shown below:
-
- Environment Setup
-
- Patch Training
- 1.1 Loading CNN model and dataset
- 1.2 Defining patch attack function
- 1.3 Generating patch
-
- Patch Display
European Fire Salamander 64 pixels
