O Método do Sinal do Gradiente Rápido (FGSM) is an efficient algorithm used in the field of aprendizado de máquina, particularly in the area of de aprendizado de máquina adversarial. It aims to create adversarial examples—slightly altered inputs designed to deceive machine learning models into making incorrect predictions.
FGSM funciona aproveitando os gradientes da função de perda with respect to the input data. The core idea is to modify the input data in the direction that maximizes the loss, which is typically associated with the model’s predictions. This is achieved by calculating the gradient of the loss function and then adjusting the input data using a small perturbation. The perturbation is determined by the sign of the gradient, hence the name ‘Fast Gradient Sign Method.’
Matematicamente, o FGSM pode ser representado como:
x' = x + ε * sign(∇_x J(θ, x, y))Aqui, x is the original input, x’ is the exemplo adversarial, ε is a small constant that controls the magnitude of the perturbation, ∇_x J(θ, x, y) denotes the gradient of the loss function J with respect to the input x, and y represents the true label. The sign function extracts the direction of the gradient, ensuring that the perturbation is applied in the most effective way to increase the model’s error.
FGSM é notável por its speed and simplicity, allowing researchers and practitioners to quickly generate adversarial examples for evaluating the robustness of machine learning models. However, while it is effective, FGSM can be limited in its ability to create strong ataques adversariais contra modelos mais sofisticados.