.png)
Despite its impeccable success, modern deep learning systems are still prone to adversarial examples. Let's take computer vision for example. Consider an image of a pig (picture to the left). A deep learning-based image classifier can successfully identify this as a pig. Consider another instance of the same image (picture to the right), a slightly perturbed version of the first picture. It still looks like a pig to human eyes, but the image classifier identifies it as an airliner. These perturbations are called adversarial examples.
Figure 1: To our eyes, the figures are identical, but to an image classifier, they are not the same. This is an example of an adversarial example.
This report will discuss the following aspects of adversarial examples: