ABSTRACT
This chapter systematically analyzes the vulnerabilities of advanced DNN models like CNNs and CapsNets against security threats. In particular, the robustness against affine transformations and adversarial attacks is analyzed. Section 4.1 provides systematic analyses by comparing the robustness of two CapsNet models with two CNN models. In Section 4.1.4, the robustness against affine transformations is discussed. This section also includes the pre-processing methodology for generating affine-transformed versions of the datasets. Section 4.1.5 presents the robustness analysis against existing adversarial attacks, such as the PGD and Carlini-Wagner algorithms. Section 4.1.6 further discusses the impact of the CapsNets’ routing algorithm on the robustness. In Section 4.2, a novel methodology for generating imperceptible and robust adversarial attacks is proposed and evaluated on various CNN and CapsNet models. Section 4.3 presents novel attack algorithms that generate adversarial examples that fake the effect of atmospheric conditions on the camera lens. They are evaluated on CNN and CapsNet models as well.
