El Método de Signo del Gradiente Rápido (FGSM) is an efficient algorithm used in the field of aprendizaje automático, particularly in the area of aprendizaje automático adversarial. It aims to create adversarial examples—slightly altered inputs designed to deceive machine learning models into making incorrect predictions.
FGSM funciona aprovechando los gradientes de la función de pérdida with respect to the input data. The core idea is to modify the input data in the direction that maximizes the loss, which is typically associated with the model’s predictions. This is achieved by calculating the gradient of the loss function and then adjusting the input data using a small perturbation. The perturbation is determined by the sign of the gradient, hence the name ‘Fast Gradient Sign Method.’
Matemáticamente, el FGSM puede representarse como:
x' = x + ε * sign(∇_x J(θ, x, y))Aquí, x is the original input, x’ is the ejemplo adversarial, ε is a small constant that controls the magnitude of the perturbation, ∇_x J(θ, x, y) denotes the gradient of the loss function J with respect to the input x, and y represents the true label. The sign function extracts the direction of the gradient, ensuring that the perturbation is applied in the most effective way to increase the model’s error.
FGSM es notable por its speed and simplicity, allowing researchers and practitioners to quickly generate adversarial examples for evaluating the robustness of machine learning models. However, while it is effective, FGSM can be limited in its ability to create strong ataques adversariales contra modelos más sofisticados.