Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks

Changwei Liu, Louis DiValentin, Aolin Ding, Malek Ben Salem

Published: 2024, Last Modified: 02 May 2026, ICISSP 2024, CC BY-SA 4.0
Abstract: Input transformation techniques have been proposed to defend against adversarial example attacks in image classification systems. However, recent works have shown that, although input transformations and augmentations to adversarial samples can prevent unsophisticated adversarial example attacks, adaptive attackers can modify their optimization functions to subvert these defenses. Previous research, especially BaRT (Raff et al., 2019), has suggested building a strong defense by stochastically combining a large number of even individually weak defenses into a single barrage of randomized transformations, which subsequently increases the cost of searching the input space to levels that are not easily computationally feasible for adaptive attacks. While this research took approaches to randomly select input transformations that have different transformation effects to form a strong defense, a thorough evaluation of using well-known state-of-the-art attacks with extensive combinations has