Harnessing adversarial examples with a surprisingly simple defense
- URL: http://arxiv.org/abs/2004.13013v3
- Date: Wed, 3 Jun 2020 02:52:54 GMT
- Title: Harnessing adversarial examples with a surprisingly simple defense
- Authors: Ali Borji
- Abstract summary: I introduce a very simple method to defend against adversarial examples.
The basic idea is to raise the slope of the ReLU function at test time.
Experiments over the MNIST and CIFAR-10 datasets demonstrate the effectiveness of the proposed defense.
- Score: 47.64219291655723
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: I introduce a very simple method to defend against adversarial examples. The
basic idea is to raise the slope of the ReLU function at test time.
Experiments over the MNIST and CIFAR-10 datasets demonstrate the effectiveness of
the proposed defense against a number of strong attacks in both untargeted and
targeted settings. While perhaps not as effective as state-of-the-art
adversarial defenses, this approach can provide insights to understand and
mitigate adversarial attacks. It can also be used in conjunction with other
defenses.
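The abstract describes the defense only as raising the ReLU slope at test time. The following pure-Python block is an added illustration of that mechanism and is not code from the paper: a constructed 2-3-2 ReLU network with the slope exposed as a test-time parameter, the white-box FGSM gradient taken through that parameter (an attacker who knows the deployed slope can differentiate through it), a finite-difference check of the gradient, and a check of an algebraic consequence that holds for any one-hidden-layer ReLU network: because relu(a*t) = a*relu(t) for a > 0, running the network at slope a is the same as running the slope-1 network with its output bias divided by a and multiplying the logits by a. The weights, input, label and epsilon are all constructed for this example.

```python
import math

# Constructed toy model for this example (not the paper's network):
# 2 inputs -> 3 ReLU hidden units -> 2 logits.
W1 = [[1.0, -1.0], [0.5, 1.0], [-1.0, 0.5]]
B1 = [0.0, -0.2, 0.1]
W2 = [[1.0, -0.5, 0.3], [-1.0, 1.0, 0.2]]
B2 = [0.1, 0.0]


def relu(v, slope=1.0):
    """ReLU whose positive-side slope is a test-time knob: max(0, slope * t)."""
    return [max(0.0, slope * t) for t in v]


def affine(w, v, b):
    return [sum(wi * vi for wi, vi in zip(row, v)) + bi for row, bi in zip(w, b)]


def softmax(z):
    m = max(z)
    e = [math.exp(t - m) for t in z]
    s = sum(e)
    return [t / s for t in e]


def forward(x, slope=1.0):
    """Returns (pre-activations, hidden activations, logits) at the given slope."""
    pre = affine(W1, x, B1)
    h = relu(pre, slope)
    return pre, h, affine(W2, h, B2)


def predict(x, slope=1.0):
    z = forward(x, slope)[2]
    return max(range(len(z)), key=z.__getitem__)


def loss(x, label, slope=1.0):
    """Cross-entropy of the softmax output against the true label."""
    return -math.log(softmax(forward(x, slope)[2])[label])


def input_gradient(x, label, slope=1.0):
    """d loss / d x by backprop. The slope is part of the graph, so a white-box
    attacker who knows the deployed slope simply differentiates through it."""
    pre, h, z = forward(x, slope)
    p = softmax(z)
    dz = [p[i] - (1.0 if i == label else 0.0) for i in range(len(z))]
    dh = [sum(W2[i][j] * dz[i] for i in range(len(dz))) for j in range(len(h))]
    dpre = [dh[j] * (slope if pre[j] > 0 else 0.0) for j in range(len(h))]
    return [sum(W1[j][k] * dpre[j] for j in range(len(dpre))) for k in range(len(x))]


def finite_difference_gradient(x, label, slope=1.0, h=1e-5):
    """Central-difference check of input_gradient (valid when no ReLU kink lies within h)."""
    g = []
    for k in range(len(x)):
        xp, xm = list(x), list(x)
        xp[k] += h
        xm[k] -= h
        g.append((loss(xp, label, slope) - loss(xm, label, slope)) / (2 * h))
    return g


def fgsm(x, label, eps, slope=1.0):
    """Fast gradient sign attack against the model as seen at `slope`: x + eps * sign(d loss / d x)."""
    def sign(t):
        return 1.0 if t > 0 else -1.0 if t < 0 else 0.0
    return [xi + eps * sign(gi) for xi, gi in zip(x, input_gradient(x, label, slope))]


def logits_via_rescaled_bias(x, slope=1.0):
    """Algebraic view of the knob for one hidden layer: relu(slope*t) == slope*relu(t)
    for slope > 0, so the logits of forward(x, slope) equal slope times the logits of
    the slope-1 network whose output bias is B2 / slope. Raising the slope therefore
    sharpens the softmax and shrinks the relative weight of the output bias."""
    h = relu(affine(W1, x, B1), 1.0)
    z = affine(W2, h, [t / slope for t in B2])
    return [slope * t for t in z]


if __name__ == "__main__":
    x, label, eps = [1.0, 0.5], 1, 0.3   # constructed input; label is the slope-1 prediction
    x_adv = fgsm(x, label, eps)          # crafted against the undefended (slope 1) model
    for s in (1.0, 3.0):
        print(f"slope={s}: clean -> {predict(x, s)}, adversarial -> {predict(x_adv, s)}")
    print("analytic:", input_gradient(x, label, 2.0))
    print("finite diff:", finite_difference_gradient(x, label, 2.0))
```

On this constructed input the slope-1 model predicts class 1, the FGSM example flips it to class 0, and evaluating the same adversarial input at slope 3 still yields class 0; the block is a demonstration of the mechanics and of the white-box caveat, not evidence for or against the paper's MNIST and CIFAR-10 results. In deeper networks the same identity compounds layer by layer, so the slope change rescales the biases of every downstream layer, not only the output bias.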
Related papers
- Counter-Samples: A Stateless Strategy to Neutralize Black Box Adversarial Attacks [2.9815109163161204] (2024-03-14T10:59:54Z)
  Our paper presents a novel defence against black box attacks, where attackers use the victim model as an oracle to craft their adversarial examples.
  Unlike traditional preprocessing defences that rely on sanitizing input samples, our strategy counters the attack process itself.
  We demonstrate that our approach is remarkably effective against state-of-the-art black box attacks and outperforms existing defences for both the CIFAR-10 and ImageNet datasets.
- Understanding and Improving Ensemble Adversarial Defense [4.504026914523449] (2023-10-27T20:43:29Z)
  We develop a new error theory dedicated to understanding ensemble adversarial defense.
  We propose an effective approach to improve ensemble adversarial defense, named interactive global adversarial training (iGAT).
  iGAT is capable of boosting their performance by up to 17%, evaluated using the CIFAR10 and CIFAR100 datasets under both white-box and black-box attacks.
- The Best Defense is Attack: Repairing Semantics in Textual Adversarial Examples [7.622122513456483] (2023-05-06T15:14:11Z)
  We introduce a novel approach named Reactive Perturbation Defocusing (Rapid).
  Rapid employs an adversarial detector to identify fake labels of adversarial examples and leverages adversarial attackers to repair the semantics in adversarial examples.
  Our extensive experimental results conducted on four public datasets convincingly demonstrate the effectiveness of Rapid in various adversarial attack scenarios.
- Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators [49.52538232104449] (2023-02-27T01:33:31Z)
  It is becoming increasingly imperative to design robust ML defenses.
  Recent work has found that many defenses that initially resist state-of-the-art attacks can be broken by an adaptive adversary.
  We take steps to simplify the design of defenses and argue that white-box defenses should eschew randomness when possible.
- A Game-Theoretic Approach for AI-based Botnet Attack Defence [5.020067709306813] (2021-12-04T02:53:40Z)
  A new generation of botnets leverages Artificial Intelligence (AI) techniques to conceal the identity of botmasters and the attack intention to avoid detection.
  There is no existing assessment tool capable of evaluating the effectiveness of existing defense strategies against this kind of AI-based botnet attack.
  We propose a sequential game theory model that is capable of analysing the details of the potential strategies botnet attackers and defenders could use to reach Nash Equilibrium (NE).
- Improving the Adversarial Robustness for Speaker Verification by Self-Supervised Learning [95.60856995067083] (2021-06-01T07:10:54Z)
  This work is among the first to perform adversarial defense for ASV without knowing the specific attack algorithms.
  We propose to perform adversarial defense from two perspectives: 1) adversarial perturbation purification and 2) adversarial perturbation detection.
  Experimental results show that our detection module effectively shields the ASV by detecting adversarial samples with an accuracy of around 80%.
- Internal Wasserstein Distance for Adversarial Attack and Defense [40.27647699862274] (2021-03-13T02:08:02Z)
  We propose an internal Wasserstein distance (IWD) to measure image similarity between a sample and its adversarial example.
  We develop a novel attack method by capturing the distribution of patches in original samples.
  We also build a new defense method that seeks to learn robust models to defend against unseen adversarial examples.
- Advocating for Multiple Defense Strategies against Adversarial Examples [66.90877224665168] (2020-12-04T14:42:46Z)
  It has been empirically observed that defense mechanisms designed to protect neural networks against $\ell_\infty$ adversarial examples offer poor performance.
  In this paper we conduct a geometrical analysis that validates this observation.
  Then, we provide a number of empirical insights to illustrate the effect of this phenomenon in practice.
- Are Adversarial Examples Created Equal? A Learnable Weighted Minimax Risk for Robustness under Non-uniform Attacks [70.11599738647963] (2020-10-24T21:20:35Z)
  Adversarial Training is one of the few defenses that withstand strong attacks.
  Traditional defense mechanisms assume a uniform attack over the examples according to the underlying data distribution.
  We present a weighted minimax risk optimization that defends against non-uniform attacks.
- Defense against adversarial attacks on spoofing countermeasures of ASV [95.87555881176529] (2020-03-06T08:08:54Z)
  This paper introduces a passive defense method, spatial smoothing, and a proactive defense method, adversarial training, to mitigate the vulnerability of ASV spoofing countermeasure models.
  The experimental results show that these two defense methods positively help spoofing countermeasure models counter adversarial examples.
This list is automatically generated from the titles and abstracts of the papers on this site.
This site does not guarantee the quality of its content (including all information) and is not responsible for any consequences.