对抗样本不容易被检测到：绕过十种检测方法

May, 2017

对抗样本不容易被检测到：绕过十种检测方法

Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods

Nicholas Carlini, David Wagner

TL;DR对10种检测对抗样本的最新提议进行比较后得出：它们都可以被利用新的损失函数打败，因此推测对抗样本的固有属性实际上是不存在的。作者提出了一些简单的评估准则来评估未来提出的防御措施。

Abstract

neural networks are known to be vulnerable to adversarial examples: inputs that are close to valid inputs but classified incorrectly. We investigate the security of ten recent proposals that are designed to detec