2021
DOI: 10.48550/arxiv.2106.04938
Preprint

Attacking Adversarial Attacks as A Defense

Boxi Wu, Heng Pan, Li Shen, et al.

Abstract: It is well known that adversarial attacks can fool deep neural networks with imperceptible perturbations. Although adversarial training significantly improves model robustness, failure cases of defense still broadly exist. In this work, we find that adversarial attacks can themselves be vulnerable to small perturbations: on adversarially-trained models, perturbing adversarial examples with a small random noise may invalidate their misled predictions. After carefully examining state-of-the-art attacks of …
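
The core observation in the abstract, that on an adversarially-trained model a small random perturbation can flip an adversarial example back to a correct prediction, can be illustrated with a short test-time check. The sketch below is only an illustration of that observation, not the authors' defense; the model, x_adv, eps, and n_samples names are hypothetical placeholders.

# Minimal sketch (assumption: PyTorch, an adversarially-trained `model`,
# and an adversarial batch `x_adv` with values in [0, 1]). It checks whether
# predictions on x_adv change once small uniform noise is added.
import torch

def randomized_prediction(model, x_adv, eps=4 / 255, n_samples=10):
    """Majority-vote prediction over randomly perturbed copies of x_adv."""
    model.eval()
    votes = []
    with torch.no_grad():
        for _ in range(n_samples):
            noise = torch.empty_like(x_adv).uniform_(-eps, eps)  # small random noise
            x_noisy = torch.clamp(x_adv + noise, 0.0, 1.0)       # stay in valid image range
            votes.append(model(x_noisy).argmax(dim=1))
    votes = torch.stack(votes)        # shape: (n_samples, batch)
    return votes.mode(dim=0).values   # majority-vote label per example

Comparing this vote with model(x_adv).argmax(dim=1) is one simple way to see whether an attack's misled prediction survives such noise.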

Cited by 7 publications (14 citation statements)
References 10 publications
“…Five defenses (Yoon et al., 2021; Hwang et al., 2021; Qian et al., 2021; Shi et al., 2020; Chen et al., 2021) have robust accuracies well below … (… & Moosavi-Dezfooli, 2021). Most importantly, four defenses (Wu et al., 2021; Kang et al., 2021; Hwang et al., 2021; Mao et al., 2021) weaken the underlying static defense (when it is already robust), while the others provide minor improvements at the cost of more computation.…”
Section: Case Study of Adaptive Methods (mentioning)
confidence: 99%
“…Input purification (IP): A model (possibly pre-trained to be robust) is enhanced by adding a test-time optimization procedure that alters inputs before feeding them to it. The optimization procedure may rely on hand-crafted (Alfarra et al., 2022; Wu et al., 2021) or learned objectives (Qian et al., 2021; Mao et al., 2021; Hwang et al., 2021) which may involve auxiliary networks such as generative models (Samangouei et al., 2018).…”
Section: Principles (mentioning)
confidence: 99%
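
As a rough illustration of this input-purification pattern, the sketch below runs a few gradient steps on the input before classification. The entropy objective, step size, and bound are illustrative assumptions only; the cited defenses use their own hand-crafted or learned objectives, sometimes with auxiliary generative models.

# Sketch of a test-time purification loop (assumptions: PyTorch, a classifier
# `model`, inputs `x` in [0, 1]; the prediction-entropy objective is a stand-in
# for whatever hand-crafted or learned objective a given defense uses).
import torch
import torch.nn.functional as F

def purify(model, x, steps=5, step_size=1 / 255, eps=8 / 255):
    """Return a slightly edited copy of x after a few input-space gradient steps."""
    model.eval()
    delta = torch.zeros_like(x, requires_grad=True)
    for _ in range(steps):
        probs = F.softmax(model(x + delta), dim=1)
        entropy = -(probs * probs.clamp_min(1e-12).log()).sum(dim=1).mean()
        entropy.backward()                             # gradients w.r.t. the input edit
        with torch.no_grad():
            delta -= step_size * delta.grad.sign()     # descend on the chosen objective
            delta.clamp_(-eps, eps)                    # keep the edit small
        delta.grad.zero_()
    return torch.clamp(x + delta, 0.0, 1.0).detach()

The purified input is then fed to the (possibly robust) model in place of the raw input.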
“…Despite the unprecedented progress of Deep Neural Networks (DNNs) [20,21,23], the vulnerability to adversarial examples [17,39] poses serious threats to security-sensitive applications, e.g., face recognition [34], autonomous driving [16], etc. To securely deploy DNNs in various applications, it is necessary to conduct an in-depth analysis of the intrinsic properties of adversarial examples, which has inspired numerous studies on adversarial attacks [3-6, 9, 12, 14, 29, 30, 42] and defenses [19,28,36,44,45,49]. Existing attacks can be split into two categories: white-…”
Section: Introduction (mentioning)
confidence: 99%