Difference between revisions of "Defenses Against Adversarial Attacks"
(→MagNet) |
(→MagNet) |
||
| Line 13: | Line 13: | ||
== MagNet == | == MagNet == | ||
| − | * MagNet includes one or more separate detector networks and a reformer network. The detector networks learn to differentiate between normal and adversarial examples by approximating the manifold of normal examples. Since they assume no specific process for generating adversarial examples, they generalize well. The reformer network moves adversarial examples towards the manifold of normal examples, which is effective for correctly classifying adversarial examples with small perturbation. We discuss the intrinsic difficulties in defending against whitebox attack and propose a mechanism to defend against graybox attack. Inspired by the use of randomness in cryptography, we use diversity to strengthen MagNet. We show empirically that MagNet is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples.[http://arxiv.org/pdf/1705.09064.pdf MagNet: a Two-Pronged Defense against Adversarial Examples | Meng, D., Chen, H. ], 11 Sep 2017 | + | * MagNet includes one or more separate detector networks and a reformer network. The detector networks learn to differentiate between normal and adversarial examples by approximating the manifold of normal examples. Since they assume no specific process for generating adversarial examples, they generalize well. The reformer network moves adversarial examples towards the manifold of normal examples, which is effective for correctly classifying adversarial examples with small perturbation. We discuss the intrinsic difficulties in defending against whitebox attack and propose a mechanism to defend against graybox attack. Inspired by the use of randomness in cryptography, we use diversity to strengthen MagNet. We show empirically that MagNet is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples.[http://arxiv.org/pdf/1705.09064.pdf MagNet: a Two-Pronged Defense against Adversarial Examples | Meng, D., Chen, H.], 11 Sep 2017 |
| − | * [http://web.cs.ucdavis.edu/~hchen/paper/meng2017-slides.pdf MagNet: a Two-Pronged Defense against Adversarial Examples] | + | * [http://web.cs.ucdavis.edu/~hchen/paper/meng2017-slides.pdf MagNet: a Two-Pronged Defense against Adversarial Examples - Presentation | Meng, D., Chen, H.] |
<youtube>wZ-wIdAcWQE</youtube> | <youtube>wZ-wIdAcWQE</youtube> | ||
Revision as of 21:41, 5 July 2018
______________________________________________________
MagNet
- MagNet includes one or more separate detector networks and a reformer network. The detector networks learn to differentiate between normal and adversarial examples by approximating the manifold of normal examples. Since they assume no specific process for generating adversarial examples, they generalize well. The reformer network moves adversarial examples towards the manifold of normal examples, which is effective for correctly classifying adversarial examples with small perturbation. We discuss the intrinsic difficulties in defending against whitebox attack and propose a mechanism to defend against graybox attack. Inspired by the use of randomness in cryptography, we use diversity to strengthen MagNet. We show empirically that MagNet is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples.MagNet: a Two-Pronged Defense against Adversarial Examples | Meng, D., Chen, H., 11 Sep 2017
- ...we show that adversarial examples crafted based on the L1 distortion metric can easily bypass MagNet On the Limitation of MagNet Defense against L1-based Adversarial Examples | Lu, P., Chen, P., Chen, K., Yu, C., 9 May 2018
- MagNet and "Efficient Defenses..." were recently proposed as a defense to adversarial examples. We find that we can construct adversarial examples that defeat these defenses with only a slight increase in distortion. MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples | Carlini, N., Wagner, D., 22 Nov 2017
