Abstract |
---|
We study the effectiveness of various approaches that defend against adversarial attacks on deep networks via manipulations based on basis function representations of images. Specifically, we experiment with low-pass filtering, PCA, JPEG compression, resolution wavelet approximation, and soft-thresholding. We evaluate these defense techniques using three types of popular attacks in black, gray and white-box settings. Our results show JPEG compression tends to outperform the other tested defenses in most of the settings considered, in addition to soft-thresholding, which performs well in specific cases, and yields a more mild decrease in accuracy on benign examples. In addition, we also mathematically derive a novel white-box attack in which the adversarial perturbation is composed only of terms corresponding to a pre-determined subset of the basis functions, of which a low frequency attack is a special case. |

Year | Venue | Field |
---|---|---|
2018 | arXiv: Machine Learning | Wavelet approximation, Algorithm, Filter (signal processing), Artificial intelligence, Basis function, Jpeg compression, Mathematics, Machine learning, Adversarial system, Special case |

DocType | Volume | Citations |
---|---|---|
Journal | abs/1803.10840 | 5 |

PageRank | References | Authors |
---|---|---|
0.37 | 13 | 8 |

Name | Order | Citations | PageRank |
---|---|---|---|
Uri Shaham | 1 | 50 | 4.76 |
James Garritano | 2 | 5 | 0.37 |
Yutaro Yamada | 3 | 63 | 5.51 |
Ethan Weinberger | 4 | 5 | 0.71 |
Alex Cloninger | 5 | 5 | 0.71 |
Xiuyuan Cheng | 6 | 38 | 11.88 |
Kelly P. Stanton | 7 | 26 | 3.20 |
Yuval Kluger | 8 | 117 | 14.08 |