Create adversarial images to fool a MNIST classifier in TensorFlow
Backstory
The original concept of this notebook was based on a Machine Learning (intern) candidate tech challenge from the Toronto startup 500px. When I first saw the posting, it was at the beginning of my 3-month career pivot into Deep Learning, and I thought this challenge would be a great way for me to benchmark my progress once I got started. You can read more about my career transition journey on Medium and a revised/updated version on LinkedIn.
Although I didn't follow through with providing the entire final output of the challenge, I'm quite satisfied that I've successfully completed it and consider it a demonstration of my current knowledge and capability. Prior to starting this challenge, I completed Fast.ai: Practical Deep Learning - Part 1. Read through my blog post to see my reading material - Deep Learning Reading List.
The Challenge (summarized)
Create adversarial images to fool a MNIST classifier in TensorFlow.
- Learn how adversarial examples are created. For example, “Breaking Linear Classifiers on ImageNet” gives a good overview on the
- Install TensorFlow.
- Follow the “Deep MNIST for Experts” tutorial to get the MNIST classifier running.
- Expand the code from the previous step to generate adversarial images. Specifically, pick 10 images of digit ‘2’ which are correctly classified as ‘2’ by the trained model and modify them so the network incorrectly classifies them as ‘6’.
- Generate adversarial examples and save them as a single image containing a grid of 10 rows and 3 columns. The rows correspond to the selected examples of ‘2’. The columns are original image, delta and adversarial image. Provide a link to the resulting image.
- Make your code clean and readable. Add comments where needed.
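
The modification step of the challenge (push a correctly classified ‘2’ to ‘6’ and keep the original, delta and adversarial image), as an added example that is not the notebook's or the challenge's own code. It assumes a constructed linear softmax classifier over 3x5 digit bitmaps in place of the TensorFlow CNN and MNIST, so it runs on the standard library alone; `GLYPHS`, `TEMPLATES`, `probs`, `predict` and `targeted_attack` are hypothetical names.

```python
import math

# Constructed 3x5 bitmaps of digits 0-9 (rows concatenated); a stand-in for MNIST.
GLYPHS = ["111101101101111", "010110010010111", "111001111100111",
          "111001111001111", "101101111001001", "111100111001111",
          "111100111101111", "111001001001001", "111101111101111",
          "111101111001111"]
TEMPLATES = [[float(ch) for ch in g] for g in GLYPHS]

# Hypothetical stand-in classifier (not the tutorial's CNN): a linear softmax
# layer with logit_c = 2*T_c.x - |T_c|, i.e. the nearest template wins.
W = [[2.0 * v for v in t] for t in TEMPLATES]
B = [-sum(t) for t in TEMPLATES]

def probs(x):
    """Softmax class probabilities for one flattened image."""
    z = [sum(w * v for w, v in zip(W[c], x)) + B[c] for c in range(10)]
    top = max(z)
    e = [math.exp(v - top) for v in z]
    return [v / sum(e) for v in e]

def predict(x):
    p = probs(x)
    return p.index(max(p))

def targeted_attack(x0, target, eps=0.08, max_steps=50):
    """Iterative targeted gradient-sign steps; returns (adversarial, delta, steps)."""
    x, steps = list(x0), 0
    while predict(x) != target and steps < max_steps:
        p = probs(x)
        # d log p_target / dx_i = sum_c p_c * (W[target][i] - W[c][i])
        grad = [sum(p[c] * (W[target][i] - W[c][i]) for c in range(10))
                for i in range(len(x))]
        # Step eps along the gradient sign, then clip to the valid pixel range.
        x = [min(1.0, max(0.0, v + eps * ((g > 0) - (g < 0))))
             for v, g in zip(x, grad)]
        steps += 1
    return x, [a - b for a, b in zip(x, x0)], steps

if __name__ == "__main__":
    original = TEMPLATES[2]
    adversarial, delta, steps = targeted_attack(original, target=6)
    print("steps:", steps, "prediction:", predict(adversarial))
    print("L-inf of delta:", max(abs(d) for d in delta))
    for r in range(5):  # one grid row per image row: original | delta | adversarial
        print(" | ".join(" ".join(f"{v:+.2f}" for v in img[3 * r:3 * r + 3])
                         for img in (original, delta, adversarial)))
```

The L-infinity size of the delta needed to flip the label is the number to track when comparing how robust different models are to this kind of perturbation.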