Go to DBLP homepageBackground Class Defense Against Adversarial Examples
Abstract: Adversarial examples allow crafted attacks against deep neural network classification of images. We propose a defense of expanding the training set with a single, large, and diverse class of background images, striving to `fill' around the borders of the classification boundary. We find it aids detection of simple attacks on EMNIST, but not advanced attacks. We discuss several limitations of our examination.
Loading