Go to DBLP homepageTest Time Augmentation as a Defense Against Adversarial Attacks on Online Handwriting
Abstract: Neural networks have been shown to be weak against adversarial attacks. This study examines the effects of adversarial attacks on online handwritten characters and proposes a method to defend against such attacks. In order to make temporal neural networks more robust to adversarial attacks, we propose using Test Time Augmentation (TTA). TTA combines the predictions of transformed inputs with a trained classifier. We adapt TTA and propose its usage to make temporal neural networks more robust to adversarial attacks. The proposed method is evaluated using online handwritten characters and against four state-of-the-art adversarial attacks. We demonstrate that the nontraditional use of TTA can be used to protect against these attacks for almost no cost.
Loading