Publication Date

Spring 2025

Degree Type

Master's Project

Degree Name

Master of Science in Computer Science (MSCS)

Department

Computer Science

First Advisor

Saptarshi Sengupta

Second Advisor

Genya Ishigaki

Third Advisor

Philip Heller

Keywords

Adversarial Robustness, Moving Target Defense, Quantization, Morphence, Time Series Forecasting, Image Classification

Abstract

In recent years, the vulnerability of deep learning models to adversarial attacks has emerged as a serious threat, particularly in domains where reliability and robustness are critical. This project builds upon the Morphence framework, a Moving Target Defense (MTD) strategy designed to counter adversarial threats by maintaining a dynamic pool of models and introducing randomness at inference time. While Morphence was originally developed for image classification tasks, this work not only reproduces the original architecture using MNIST and CIFAR-10 datasets but also extends the core principles to an entirely new domain: time series forecasting. The project proposes a unified defense pipeline that begins with clean model training, followed by the generation of perturbed student models, adversarial training using FGSM, BIM, and PGD attacks, and post-training quantization to support memory-efficient deployment. The approach is validated through extensive experiments on both image and time series data — including electricity load forecasting using a Transformer-based model. Across both domains, the Morphence-inspired defense shows significant improvements in adversarial robustness while maintaining high accuracy and low memory footprint, even after 8-bit and 16-bit quantization. By adapting MTD strategies to regression-based forecasting, this project demonstrates the broader applicability of Morphence and provides a concrete step toward building lightweight, attack-resilient machine learning models suitable for real-world deployment.

Available for download on Monday, May 25, 2026
