November 2019
In step 1, we create a large dataset of adversarial samples; namely, 150,000 adversarial samples are created, almost all of which are able to fool LeNet5 on digits. To examine these adversarial samples, unpickle the pickle in the output directory, like so:

Under utils, a file named mnist_read_pickle.py takes the pickle file as an argument. Running it displays one of the adversarial samples. The following image tricks LeNet5 into thinking that it is seeing the number 1:
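The inspection step described above can be sketched with the standard library alone. This is an added example, not code from the book or from deep-pwning: the record layout (a list of dicts with true_label, adv_prediction and adv_image keys), the helper names and the sample data are all assumptions constructed for illustration.

```python
import pickle
import tempfile
from pathlib import Path

# ASSUMED record layout (hypothetical, not deep-pwning's own format): a list of
# dicts with "true_label", "adv_prediction", "adv_image" (28x28 floats).
RAMP = " .:-=+*#%@"  # dark-to-bright characters for terminal rendering


def load_samples(path):
    # pickle.load can run code embedded in the file: only open your own output.
    with open(path, "rb") as fh:
        return pickle.load(fh)


def fooling_rate(samples):
    """Fraction of samples whose adversarial prediction differs from the true label."""
    fooled = sum(s["adv_prediction"] != s["true_label"] for s in samples)
    return fooled / len(samples) if samples else 0.0


def render(image):
    """ASCII-render a 2-D grid; perturbed pixels outside [0, 1] are clamped."""
    top = len(RAMP) - 1
    return "\n".join(
        "".join(RAMP[int(min(max(p, 0.0), 1.0) * top)] for p in row) for row in image
    )


def make_constructed_pickle(directory):
    """Write a small constructed stand-in for the output pickle (not real data)."""
    img = [[0.0] * 28 for _ in range(28)]
    for c in range(6, 22):
        img[4][c] = 1.0  # top bar of a "7"
    for r in range(5, 24):
        img[r][21 - (r - 5) // 2] = 0.9  # diagonal stroke
    img[10][3], img[20][25] = 1.2, -0.1  # perturbation outside the valid range
    samples = [{"true_label": t, "adv_prediction": p, "adv_image": img}
               for t, p in [(7, 1), (3, 8), (0, 0)]]
    path = Path(directory) / "constructed_adversarial.pkl"
    path.write_bytes(pickle.dumps(samples))
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        samples = load_samples(make_constructed_pickle(tmp))
        print(f"fooling rate: {fooling_rate(samples):.2%}")
        print(render(samples[0]["adv_image"]))
```

To use it on a real run, point load_samples at the framework's output pickle and adjust the key names to whatever structure that file actually contains.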

The deep-pwning framework is designed to be modular, so a ...