This chapter introduces the concept of adversarial attacks on image classification models built on convolutional neural networks (CNNs). CNNs are very popular deep-learning models used in image classification tasks. However, even powerful pre-trained CNN models that classify images from standard datasets very accurately may perform disastrously when they are under adversarial attack. In this work, two well-known adversarial attacks are discussed and their impact on the performance of image classifiers is analyzed: the fast gradient sign method (FGSM) and the adversarial patch attack. These attacks are launched on three powerful pre-trained image classifier architectures: ResNet-34, GoogleNet, and DenseNet-161. The classification accuracy of the models in the absence and presence of the two attacks is computed on images from the publicly accessible ImageNet dataset. The results are analyzed to evaluate the impact of the attacks on the image classification task.