6 Popular Image classification models on Keras were benchmarked for inference under adversarial attacks

Image classification models have been the torchbearers of the machine learning revolution over the past couple of decades. From medical diagnosis to self-driving cars to smartphone photography, the field of computer vision has its hold on a wide variety of applications.

The advent of customized hardware for machine learning applications has propelled more research into image recognition techniques. Conventional deep learning models were tweaked and better architectures were developed. Today there are tens of good image classification models that have demonstrated state of the art results and we wanted to know how these models perform under adversarial attacks.

In this work, we use pre-trained Keras models trained on the ImageNet dataset to benchmark them for adversarial attacks. We test the accuracy of these models with and without noise using random images that are not part of the ImageNet dataset. An adversarial attack on an image can be something as simple as a blur.

Keras has become popular with developers ever since the introduction because of its lightweight, written in Python and offers high-level APIs to run models with great ease. For this very reason; i.e. the ease of execution, we have used pre-trained models offered by Keras.

Find the Colab Notebook here.

Experimental Setup

The models benchmarked are:

• NASNet large
• Inception ResNet v2
• Inception v3
• DenseNet 201
• ResNet v2 152
• Xception

Hardware/Platform

Google Colab/12GB RAM/GPU

Training

We have used pre-trained models and weights from Keras applications.

Framework

Keras Applications [9] are deep learning models that are made available alongside pre-trained weights. These models can be used for prediction, feature extraction, and fine-tuning. Weights are loaded automatically while instantiating a model.

Read the full report below: