Robust Image Classification based on Pixel Importance
Open Access
- Author:
- Chun, Chaewan
- Area of Honors:
- Computer Science
- Degree:
- Bachelor of Science
- Document Type:
- Thesis
- Thesis Supervisors:
- Jia Li, Thesis Supervisor
Danfeng Zhang, Thesis Honors Advisor - Keywords:
- adversarial attack
image analysis
machine learning
CNN
heatmap-based blurring
robustness - Abstract:
- Machine learning had a massive impact on various applications such as speech recognition, computer vision, natural language processing, and health. Machine learning aims to transform big data into actionable intelligence that is capable of performing tasks that need human intelligence. However, recent research works have revealed the vulnerabilities in machine learning algorithms. The machine learning model can be attacked by manipulated adversarial data. In order to over- come the machine learning models’ vulnerabilities, recent work has been active in making learning models robust against adversarial inputs and evaluating the robustness of different machine learn- ing models. In the image recognition domain, adversarial images are designed by manipulating the input images small enough that external observers cannot visually distinguish the difference. If the machine learning model was attacked with adversarial images, the model performance could be affected depending on the models’ vulnerabilities. In this paper, a new machine learning method is developed to increase robustness against adversarial input. The main idea is to use explanation models to identify unimportant pixels in the image and then modify the training images by blurring those pixels. This strategy is a defense against overfitting and adversarial attacks. This method is evaluated by multiple data sets and compared with other approaches.