CVPR 2018白盒子对抗攻击防御方法的鲁棒性研究

Apr, 2018

On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses

Anish Athalye, Nicholas Carlini

TL;DR本研究针对2018 CVPR中提出的两种白盒防御策略进行评估，发现它们并不有效，通过现有技术可以将被防御的神经网络模型的准确率降至0%。

Abstract

neural networks are known to be vulnerable to adversarial examples. In this note, we evaluate the two white-box defenses that appeared at