ENHANCING ROBUSTNESS OF AI SYSTEMS
AGAINST ADVERSARIAL ATTACKS
A PROJECT REPORT
Submitted in partial fulfillment of the requirements for the award of the degree of
Bachelor of Technology
in
COMPUTER SCIENCE AND ENGINEERING
BY
8C
M. Sai Akhila (21331A05F4)
Dunna Pranav (21331A05J2)
Yerrapati Sravya (21331A05J1)
Pathivada Gowtham (21331A05D9)
Under the Supervision of
Mrs. N Ashwini
Assistant Professor
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
MAHARAJ VIJAYARAM GAJAPATHI RAJ COLLEGE OF ENGINEERING (Autonomous)
(Approved by AICTE, New Delhi, and permanently affiliated to JNTUGV, Vizianagaram), Listed u/s 2(f) & 12(B)
of UGC Act 1956.
Vijayaram Nagar Campus, Chintalavalasa, Vizianagaram-535005, Andhra Pradesh
APRIL, 2024
ABSTRACT
Artificial Intelligence and Machine Learning have revolutionized our lives, from autonomous
vehicles to language translations, facial recognition and fraud detection. However, these
pervasive technologies are not invulnerable to threats. One significant challenge that AI/ML
models face today is adversarial attacks: deliberate manipulation of the input data
(data poisoning) to mislead the system. Adversarial attacks pose significant threats to the
reliability and security of modern artificial intelligence (AI) applications and networks. This
project focuses on developing and implementing advanced defensive strategies to protect AI
models from these malicious inputs. Utilizing Python as the sole programming language, we will
explore techniques such as robust optimization, adversarial training, and innovative defense
mechanisms. The project aims to enhance the resilience of AI systems against various forms of
adversarial manipulations, ensuring their secure deployment in real-world applications. The
expected outcomes include improved security and reliability of AI models, comprehensive
evaluation metrics for adversarial robustness, and a deployable framework for real-world AI
applications.
INTRODUCTION
Artificial Intelligence (AI) has revolutionized numerous fields, including image recognition,
natural language processing, autonomous driving, and cybersecurity. Despite these
advancements, AI models, particularly those utilizing deep learning techniques, are susceptible
to adversarial attacks. These attacks involve the introduction of malicious inputs that
intentionally mislead AI models, leading to incorrect predictions. Such vulnerabilities pose
significant threats to the reliability and security of AI systems, emphasizing the need for robust
defensive strategies to mitigate these risks.
LITERATURE SURVEY
Adversarial Attacks in AI : Adversarial attacks are attempts to trick AI systems by altering input
data, leading to incorrect predictions which cause AI models, especially deep learning ones, to
fail. For example, a slight adjustment to an image can make an AI system misidentify what’s in
the picture.
Types of Adversarial Attacks : There are two main types of attacks on AI models: evasion
attacks and poisoning attacks. Evasion attacks happen when an attacker changes the input data
during the model’s use to trick it into making the wrong decision, such as confusing an image
classifier by changing a few pixels (Szegedy et al., 2014). Poisoning attacks occur during the
training phase of the model, where the attacker adds harmful data to the training set, causing the
AI to learn incorrectly and perform poorly in the future (Biggio et al., 2012).
Impact on AI Applications : These attacks can affect many real-world AI applications. For
example, in facial recognition systems, adversarial attacks can lead to security risks by making the
system misidentify people.
Existing Defensive Mechanisms : Several strategies have been developed to defend against
these attacks. One common method is adversarial training, where the AI model is trained using
both normal and adversarial examples so it can better recognize and resist attacks (Madry et al.,
2018). Another approach is robust optimization, which involves tweaking the model to make it
less sensitive to adversarial inputs (Wong & Kolter, 2018). Other techniques include reducing the
complexity of input data to make attacks less effective (feature squeezing) and modifying inputs
before the model processes them (input transformations) (Xu et al., 2017).
Evaluation of Defense Strategies : It is essential to evaluate how well these defense mechanisms
work. Researchers use different metrics to assess how resilient models are to attacks, including
how accurately the model can classify adversarial examples and how well it performs under
different types of attacks.
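As an added illustration of the adversarial training and robust-accuracy evaluation described above (example code written for this survey, not code from the project or from the cited papers), the following pure-Python script trains a logistic-regression classifier twice on a constructed two-feature dataset, once on clean data and once on FGSM examples generated against the current weights (the scheme of Madry et al., 2018), and then reports clean accuracy and accuracy under an L-infinity attack of budget EPS for each model. The dataset, the constants EPS, LR and EPOCHS, and all function names are assumptions made for this example: feature 1 is perfectly predictive but smaller than EPS, so it can be flipped, while feature 2 is noisier but larger than EPS.

```python
"""Adversarial training for a linear classifier, in pure Python.

Constructed example (not from the report): a 2-feature binary dataset in which
feature 1 is perfectly predictive but has a tiny magnitude, so an L-infinity
perturbation of size EPS can flip it, while feature 2 is noisier but far larger
than EPS. Standard training leans on the fragile feature; adversarial training
(fit on FGSM examples generated by the current model) learns to ignore it, which
shows up in the robust-accuracy metric.
"""
import math
import random

EPS = 0.5      # L-infinity perturbation budget used for both attack and training (assumed)
LR = 0.1       # learning rate for full-batch gradient descent (assumed)
EPOCHS = 500   # number of passes over the data (assumed)


def make_dataset(n_per_class=100, seed=0):
    """Constructed, symmetric dataset: each positive point is mirrored to a negative one."""
    rng = random.Random(seed)
    data = []
    for _ in range(n_per_class):
        x1 = 0.25 + rng.gauss(0.0, 0.03)   # fragile feature: |x1| < EPS
        x2 = 1.00 + rng.gauss(0.0, 0.50)   # robust feature: usually |x2| > EPS
        data.append(((x1, x2), 1))
        data.append(((-x1, -x2), 0))
    return data


def sigmoid(z):
    """Numerically stable logistic function."""
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))


def predict_proba(model, x):
    w, b = model
    return sigmoid(w[0] * x[0] + w[1] * x[1] + b)


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(model, x, y, eps=EPS):
    """Fast Gradient Sign Method: x + eps * sign(d loss / d x).

    For logistic regression d loss / d x_j = (p - y) * w_j, so this perturbation is
    exactly the worst case inside the L-infinity ball of radius eps.
    """
    w, _ = model
    p = predict_proba(model, x)
    grad = [(p - y) * wj for wj in w]
    return tuple(xj + eps * sign(g) for xj, g in zip(x, grad))


def train(data, adversarial, epochs=EPOCHS, lr=LR):
    """Full-batch gradient descent on the logistic loss.

    With adversarial=True every example is replaced by its FGSM version, computed
    against the current weights, before each gradient step (adversarial training).
    """
    w, b = [0.0, 0.0], 0.0
    n = len(data)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in data:
            if adversarial:
                x = fgsm((w, b), x, y)
            err = predict_proba((w, b), x) - y   # d loss / d logit
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w = [w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n]
        b -= lr * gb / n
    return w, b


def accuracy(model, data, attack=None):
    """Clean accuracy, or robust accuracy when an attack function is supplied."""
    correct = 0
    for x, y in data:
        if attack is not None:
            x = attack(model, x, y)
        correct += int((predict_proba(model, x) >= 0.5) == (y == 1))
    return correct / len(data)


def evaluate():
    """Return (clean, robust) accuracy for the standard and adversarially trained models."""
    data = make_dataset()
    std = train(data, adversarial=False)
    adv = train(data, adversarial=True)
    return {
        "standard": (accuracy(std, data), accuracy(std, data, fgsm)),
        "adversarial": (accuracy(adv, data), accuracy(adv, data, fgsm)),
    }


if __name__ == "__main__":
    for name, (clean, robust) in evaluate().items():
        print(f"{name:12s} clean={clean:.3f}  robust@eps={EPS}={robust:.3f}")
```

Because the model is linear, FGSM is the exact worst case within the budget, so the adversarial accuracy it reports is a true robust-accuracy figure rather than a lower bound; for deep networks the same metric is only as strong as the attack used to compute it, which is why evaluations should report the attack and budget alongside the number.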
PROBLEM STATEMENT
Artificial Intelligence (AI) and Machine Learning (ML) systems have become integral in various
high-stakes applications, such as autonomous driving, facial recognition, and cybersecurity.
However, these systems are increasingly vulnerable to adversarial attacks, where small, often
imperceptible modifications to input data lead to incorrect or potentially dangerous outputs. This
weakness poses a significant threat to the reliability, security, and trustworthiness of AI models,
especially in critical real-world scenarios. Current defense strategies, including adversarial
training and robust optimization, either fall short in providing comprehensive protection or come
with trade-offs in performance and scalability. Therefore, there is a critical need for innovative,
efficient, and resilient defense mechanisms to protect AI models from adversarial manipulations,
ensuring their safe and secure deployment in diverse applications.
This project aims to address this challenge by developing advanced defensive strategies that
enhance the robustness of AI models against adversarial attacks.
REQUIREMENTS GATHERING
1. Software Requirements:
Programming Language : Python - The primary programming language for developing the
project.
Machine Learning Frameworks : For building and training deep learning models.
Adversarial Attack Libraries : A library for benchmarking machine learning systems against
adversarial attacks.
Web Frameworks : Flask - A web framework for deploying the defense framework as a web
application.
Visualization Tools : Matplotlib - For plotting graphs and visualizing data.
Version Control : Git - For version control to manage changes to the codebase and collaborate with others.
Operating System : Compatibility with Windows, Linux, or macOS.
2. Hardware Requirements:
CPU : A multi-core processor is recommended for training and testing models.
GPU : A dedicated GPU for faster training of deep learning models.
RAM : A minimum of 8 GB of RAM is required.
Storage : At least 256 GB of free storage space for datasets, models, and project files.
Networking : Stable internet connection for downloading libraries, datasets, and deploying the
web application.
PROPOSED WORK
1. Adversarial Attack Analysis : Conduct an in-depth study of various adversarial attack methods.
2. Adversarial Training : Implement adversarial training where the model is trained using
adversarial examples alongside normal data.
3. Robust Optimization Techniques : Apply robust optimization techniques to strengthen model
defenses against worst-case adversarial attacks.
4. Develop New Defense Strategies : Create new ways to defend AI, such as simplifying input
data to make it harder to trick the model.
5. Certified Defenses and Evaluation : Implement defenses that can prove their effectiveness
against attacks.
6. Build a Defense Framework : Create a tool that integrates these defense strategies and can be
used to protect AI models in real-world applications.
7. Testing and Validation : Test these strategies on popular
REFERENCES
Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and Harnessing Adversarial Examples. https://arxiv.org/abs/1412.6572
Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2014). Intriguing properties of neural networks. https://arxiv.org/abs/1312.6199
Role                 Faculty Name          Designation           Signature
Project Supervisor   Mrs. N Aswini         Assistant Professor
Panel Members        Mrs K. Sobha Rani     Professor
                     Mr K. Leela Prasad    Assistant Professor
                     Mrs Jyothi Pyla       Assistant Professor
Project Coordinator Head of the Department Computer Science and Engineering