Objective Metrics and Gradient Descent Algorithms for Adversarial Examples in Machine Learning
Fueled by massive amounts of data, models produced by machine-learning (ML) algorithms are being used in diverse domains where security is a concern, such as automotive systems, finance, health care, computer vision, speech recognition, natural-language processing, and malware detection. Of particular concern is the use of ML in cyber-physical systems, such as driverless cars and aviation, where the presence of an adversary can have serious consequences. In this paper we focus on attacks based on adversarial samples: inputs crafted by adding small, often imperceptible, perturbations that force an ML model to misclassify. We present a simple gradient-descent based algorithm for finding adversarial samples, which performs well in comparison to existing algorithms. The second issue this paper tackles is that of metrics. We present a novel metric based on edge detectors for measuring the quality of adversarial samples.
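To make the two ideas in the abstract concrete, the following is an added illustration (not the paper's algorithm, model, metric or data): a fixed logistic-regression "classifier" over a constructed 6x6 grayscale image, a gradient-descent search over the input pixels that stays inside an L_inf budget, and an edge-based quality score that compares Sobel edge-strength maps of the clean and perturbed images. The model weights, the clean image, the budget `eps`, the step size `eta` and the exact form of `edge_distortion` are all assumptions chosen for the example; they show how "descend the loss with respect to the input" and "measure how much the perturbation disturbs edges" can be evaluated, which a defender can use to judge how perceptible a reported adversarial sample actually is.

```python
import math

# Constructed toy setup (assumption, not the paper's model or data): a 6x6
# grayscale image is flattened to 36 features and scored by a fixed logistic
# model. Pixel values live in [0, 1].
SIDE = 6
# Assumed weights: the model "looks for" a bright vertical bar in column 2.
WEIGHTS = [1.0 if (i % SIDE) == 2 else 0.0 for i in range(SIDE * SIDE)]
BIAS = -3.0
# Constructed clean input: a full-intensity bar in column 2 on a black background.
CLEAN = [1.0 if (i % SIDE) == 2 else 0.0 for i in range(SIDE * SIDE)]


def logit(x):
    return sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def classify(x):
    """Predicted class: 1 if P(class 1) > 0.5, else 0."""
    return 1 if sigmoid(logit(x)) > 0.5 else 0


def gradient_descent_adversary(x0, target, eps=0.6, eta=0.2, max_iters=100):
    """Move x0 toward `target` by descending the cross-entropy loss with
    respect to the INPUT pixels. After every step the candidate is projected
    back into the L_inf ball of radius eps around x0 and into [0, 1], so the
    perturbation stays bounded. Stops as soon as the model reports `target`."""
    x = list(x0)
    for _ in range(max_iters):
        if classify(x) == target:
            break
        p = sigmoid(logit(x))
        # For a logistic model, d(cross-entropy)/dx = (p - target) * w.
        grad = [(p - target) * w for w in WEIGHTS]
        x = [xi - eta * g for xi, g in zip(x, grad)]
        # Projection: clip to the eps-ball around x0 and to the valid pixel range.
        x = [min(max(xi, x0i - eps, 0.0), x0i + eps, 1.0) for xi, x0i in zip(x, x0)]
    return x


def linf_distance(a, b):
    """Largest per-pixel change between two images."""
    return max(abs(ai - bi) for ai, bi in zip(a, b))


# Standard 3x3 Sobel kernels for horizontal and vertical intensity gradients.
SOBEL_X = [[-1, 0, 1], [-2, 0, 2], [-1, 0, 1]]
SOBEL_Y = [[-1, -2, -1], [0, 0, 0], [1, 2, 1]]


def sobel_magnitude(x):
    """Edge-strength map (interior pixels only; the border is left at 0)."""
    mag = [0.0] * (SIDE * SIDE)
    for r in range(1, SIDE - 1):
        for c in range(1, SIDE - 1):
            gx = gy = 0.0
            for dr in (-1, 0, 1):
                for dc in (-1, 0, 1):
                    v = x[(r + dr) * SIDE + (c + dc)]
                    gx += SOBEL_X[dr + 1][dc + 1] * v
                    gy += SOBEL_Y[dr + 1][dc + 1] * v
            mag[r * SIDE + c] = math.hypot(gx, gy)
    return mag


def edge_distortion(x0, x_adv):
    """Assumed illustrative quality score: total change in Sobel edge strength,
    relative to the clean image's total edge strength. 0.0 means the edges a
    viewer attends to are untouched; larger values mean the perturbation is
    more likely to be visible as a change in image structure."""
    e0, e1 = sobel_magnitude(x0), sobel_magnitude(x_adv)
    total = sum(e0)
    if total == 0:
        return 0.0
    return sum(abs(a - b) for a, b in zip(e0, e1)) / total


if __name__ == "__main__":
    adv = gradient_descent_adversary(CLEAN, target=0)
    print("clean class:", classify(CLEAN), "adversarial class:", classify(adv))
    print("L_inf distance:", round(linf_distance(CLEAN, adv), 3))
    print("edge distortion:", round(edge_distortion(CLEAN, adv), 3))
```

The L_inf distance reports the usual per-pixel budget, while `edge_distortion` answers a different question: whether the pixels that moved sit on edges. In this constructed case the perturbation dims the bar itself, so the edge score is clearly non-zero even though every pixel change is small; a sample that reached the same misclassification by nudging flat background would score near zero on the edge metric despite a comparable L_inf distance.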