Defenses Against Adversarial Attacks

From
Jump to: navigation, search

Youtube search... ...Google search

______________________________________________________

  • A method based on a semidefinite relaxation that outputs a certificate that for a given network and test input, no attack can force the error to exceed a certain value. Second, as this certificate is differentiable, we jointly optimize it with the network parameters, providing an adaptive regularizer that encourages robustness against all attacks. On MNIST, our approach produces a network and a certificate that no attack that perturbs each pixel by at most � = 0.1 can cause more than 35 percent test error.Certified Defenses against Adversarial Examples | Raghunathan, A., Steinhardt, J., Liang, P., 29 Jan 2018

Machine Learning technology isn't perfect, it's vulnerable to many different types of attacks! In this episode, I'll explain 2 common types of attacks and 2 common types of defenses using various code demos from across the Web. There's some really dope mathematics involved with adversarial attacks, and it was a lot of fun reading about the 'cat and mouse' game between new attack techniques, followed by new defense techniques. I encourage anyone new to the field who finds this stuff interesting to learn more about it. I definitely plan to. Let's look into some math, code, and examples. Enjoy!

Defense Against Adversarial Attacks | Siraj Raval

MagNet

  • MagNet includes one or more separate detector networks and a reformer network. The detector networks learn to differentiate between normal and adversarial examples by approximating the manifold of normal examples. Since they assume no specific process for generating adversarial examples, they generalize well. The reformer network moves adversarial examples towards the manifold of normal examples, which is effective for correctly classifying adversarial examples with small perturbation. We discuss the intrinsic difficulties in defending against whitebox attack and propose a mechanism to defend against graybox attack. Inspired by the use of randomness in cryptography, we use diversity to strengthen MagNet. We show empirically that MagNet is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples.MagNet: a Two-Pronged Defense against Adversarial Examples | Meng, D., Chen, H., 11 Sep 2017