Class Twelve

Question 1

What is a Convolutional Neural Network (CNN)?

Answer 1

A Convolutional Neural Network (CNN) is a type of deep learning model designed for processing and analyzing visual data, such as images or videos. It uses convolutional layers to automatically extract relevant features from the input data.

Question 2

What are the advantages of using CNNs for image processing?

Answer 2

Advantages of using CNNs include their ability to capture spatial relationships, hierarchical feature extraction, parameter sharing, and translation invariance. They are particularly effective in tasks such as image classification, object detection, and image segmentation.

Question 3

What are convolutional layers in a CNN?

Answer 3

Convolutional layers are the key building blocks of CNNs. They consist of filters or kernels that perform convolutions on the input data, enabling the network to extract local features and learn hierarchical representations.

Question 4

How do pooling layers contribute to CNNs?

Answer 4

Pooling layers in CNNs reduce the spatial dimensions of the feature maps while retaining the most relevant information. They help improve translation invariance, reduce computational complexity, and control overfitting.

Question 5

What is the purpose of the fully connected layers in a CNN?

Answer 5

Fully connected layers in a CNN integrate the extracted features from the convolutional layers and make final predictions or classifications. They provide high-level representations and enable the network to learn complex decision boundaries.

Question 6

What considerations should you have when designing a convolutional layer?

Answer 6

Filter size: Neuron’s weights can be represented as a small image size of receptive field. (Filters are also known as convolution kernels.)
Stride of filter: determines how many pixel steps filter makes when moving from one image activation to another (typical to use a stride of 1).
Padding for input layer: Zero padding is used to pad borders of image pixels with a defined layer of zeros.

Question 7

What are the challenges of training deep CNNs?

Answer 7

Challenges of training deep CNNs include overfitting, vanishing/exploding gradients, computational complexity, and the need for large amounts of labeled training data.

Question 8

What are the differences between feed forward and backpropagation CNN models?

Answer 8

The main difference between feed-forward and backpropagation CNN models lies in the learning process. In feed-forward models, information flows only in one direction, from input to output, without any adjustment of parameters based on error. In backpropagation models, the learning process involves both a forward pass for prediction and a backward pass for updating the model’s parameters using the calculated error signal. This allows the model to learn from the discrepancies between predictions and desired outputs, iteratively improving its performance through parameter updates.

Question 9

What is an adversarial attack in the context of deep learning?

Answer 9

An adversarial attack refers to the deliberate manipulation of input data to deceive or mislead a deep learning model. The goal is to generate perturbations that are imperceptible to humans but can cause the model to make incorrect predictions.

Question 10

What is the objective of an adversarial attack?

Answer 10

The objective of an adversarial attack is to exploit the vulnerabilities of deep learning models and expose their susceptibility to small perturbations in the input data. This helps identify weaknesses in the model’s decision-making process.

Question 11

What are some common methods for generating adversarial examples?

Answer 11

Common methods for generating adversarial examples include the Fast Gradient Sign Method (FGSM), the Projected Gradient Descent (PGD) attack, and optimization-based approaches such as the Carlini-Wagner attack. These methods aim to find perturbations that maximize the model’s prediction error.

Question 12

How can adversarial attacks be used to evaluate and improve deep learning models?

Answer 12

Adversarial attacks provide insights into the vulnerabilities and limitations of deep learning models. By analyzing and understanding how models can be fooled, researchers can develop robust defenses and improve the model’s generalization capabilities.

Question 13

What are some defense mechanisms against adversarial attacks?

Answer 13

Defense mechanisms against adversarial attacks include adversarial training, where models are trained using adversarial examples, defensive distillation, input preprocessing techniques, and the use of certified robust models. These techniques aim to enhance the model’s robustness against adversarial perturbations.

Question 14

Can adversarial attacks be applied to other domains beyond images?

Answer 14

Yes, adversarial attacks can be applied to other domains beyond images, including natural language processing (NLP) tasks such as text classification and sentiment analysis. The goal is to generate subtle modifications to input text that can manipulate the model’s predictions.

Question 15

What are the ethical implications of adversarial attacks?

Answer 15

Adversarial attacks raise ethical concerns, as they can be used maliciously to deceive deep learning models, leading to potential security risks, privacy breaches, and misinformation. Research in adversarial robustness aims to address these concerns and improve the overall security of deep learning systems.

Question 16

How do adversarial attacks relate to the robustness of deep learning models?

Answer 16

Adversarial attacks highlight the lack of robustness in deep learning models and expose their vulnerability to small perturbations. By studying adversarial examples, researchers can develop techniques to enhance the model’s robustness and improve its real-world performance.

Question 17

Can adversarial attacks be completely eliminated?

Answer 17

Completely eliminating adversarial attacks is challenging due to the fundamental properties of deep learning models. However, ongoing research focuses on developing more robust models and defense mechanisms to mitigate the impact of adversarial attacks.

Question 18

What are the different types of adversarial attacks?

Answer 18

• White-Box: Attacker has access to training method (data/network initialization/ algorithm/hyperparameter).
• Black-Box attacks: Attacker does not have complete access to network training method

Question 19

What is GAN?

Answer 19

GAN is a special type of machine learning model that can create new things, like images or text. It has two main parts: a generator and a discriminator. The generator tries to make fake samples that look real, while the discriminator tries to tell the difference between real and fake samples. They compete against each other and get better over time. The goal is for the generator to become really good at making realistic samples. GANs are used to make things like realistic images, generate new text, or improve datasets. [Uses binary cross-entropy loss].

Question 20

What is one example of GAN?

Answer 20

Fast Gradient Sign Method (FGSM) effective method to generate adversarial
images.
1. Take input image –> Make prediction (using CNN).
2. Compute loss of prediction based on true class label.
3. Calculate gradients of loss with respect to input image.
4. Compute gradient sign –> Use to construct adversarial image (output)

Question 21

How does GAN actually work?

Answer 21

Each training iteration is divided into two phases:
* Discriminator training: Batch of real images (label 1) is sampled from training set
and is completed with an equal number of fake images (label 0) produced by the
generator. [Uses binary cross-entropy loss].
* Generator training: Produce another batch of fake images, and once again
discriminator is used to tell whether images are fake or real. Do not add real
images in the batch, and all labels are set to 1 (real).
* Never actually sees any real images.