Advocating for Multiple Defense Strategies against Adversarial Examples
- URL: http://arxiv.org/abs/2012.02632v1
- Date: Fri, 4 Dec 2020 14:42:46 GMT
- Title: Advocating for Multiple Defense Strategies against Adversarial Examples
- Authors: Alexandre Araujo, Laurent Meunier, Rafael Pinot, Benjamin Negrevergne
- Abstract summary: It has been empirically observed that defense mechanisms designed to protect neural networks against $\ell_\infty$ adversarial examples offer poor performance.
In this paper we conduct a geometrical analysis that validates this observation.
Then, we provide a number of empirical insights to illustrate the effect of this phenomenon in practice.
- Score: 66.90877224665168
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: It has been empirically observed that defense mechanisms designed to protect
neural networks against $\ell_\infty$ adversarial examples offer poor
performance against $\ell_2$ adversarial examples and vice versa. In this paper
we conduct a geometrical analysis that validates this observation. Then, we
provide a number of empirical insights to illustrate the effect of this
phenomenon in practice. Then, we review some of the existing defense mechanisms
that attempt to defend against multiple attacks by mixing defense strategies.
Thanks to our numerical experiments, we discuss the relevance of this method
and state open questions for the adversarial examples community.
Related papers
- Detecting Adversarial Examples (arXiv, 2024-10-22)
We propose a novel method to detect adversarial examples by analyzing the layer outputs of Deep Neural Networks.
Our method is highly effective, compatible with any DNN architecture, and applicable across different domains, such as image, video, and audio.
- TREATED: Towards Universal Defense against Textual Adversarial Attacks (arXiv, 2021-09-13)
We propose TREATED, a universal adversarial detection method that can defend against attacks of various perturbation levels without making any assumptions.
Extensive experiments on three competitive neural networks and two widely used datasets show that our method achieves better detection performance than baselines.
- Searching for an Effective Defender: Benchmarking Defense against Adversarial Word Substitution (arXiv, 2021-08-29)
Deep neural networks are vulnerable to intentionally crafted adversarial examples.
Various methods have been proposed to defend against adversarial word-substitution attacks for neural NLP models.
- Internal Wasserstein Distance for Adversarial Attack and Defense (arXiv, 2021-03-13)
We propose an internal Wasserstein distance (IWD) to measure image similarity between a sample and its adversarial example.
We develop a novel attack method by capturing the distribution of patches in original samples.
We also build a new defense method that seeks to learn robust models to defend against unseen adversarial examples.
- Learning Defense Transformers for Counterattacking Adversarial Examples (arXiv, 2021-03-13)
Deep neural networks (DNNs) are vulnerable to adversarial examples with small perturbations.
Existing defense methods focus on some specific types of adversarial examples and may fail to defend well in real-world applications.
We study adversarial examples from a new perspective: whether we can defend against adversarial examples by pulling them back to the original clean distribution.
- Harnessing adversarial examples with a surprisingly simple defense (arXiv, 2020-04-26)
I introduce a very simple method to defend against adversarial examples.
The basic idea is to raise the slope of the ReLU function at test time.
Experiments over MNIST and CIFAR-10 datasets demonstrate the effectiveness of the proposed defense.
- Defense against adversarial attacks on spoofing countermeasures of ASV (arXiv, 2020-03-06)
This paper introduces a passive defense method, spatial smoothing, and a proactive defense method, adversarial training, to mitigate the vulnerability of ASV spoofing countermeasure models.
The experimental results show that these two defense methods positively help spoofing countermeasure models counter adversarial examples.
- Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks (arXiv, 2020-03-03)
In this paper we propose two extensions of the PGD attack overcoming failures due to suboptimal step size and problems of the objective function.
We then combine our novel attacks with two complementary existing ones to form a parameter-free, computationally affordable and user-independent ensemble of attacks to test adversarial robustness.
This list is automatically generated from the titles and abstracts of the papers in this site.