对抗训练的规范不可知鲁棒性

May, 2019

On Norm-Agnostic Robustness of Adversarial Training

Bai Li, Changyou Chen, Wenlin Wang, Lawrence Carin

TL;DR本文研究对抗样本攻击机器学习模型并提出一种新的攻击方法，证明最先进的对抗训练方法无法同时获得对$\ell_2$和$\ell_\infty$范数的健壮性，提出可能的解决方案及其局限性。

Abstract

adversarial examples are carefully perturbed in-puts for fooling machine learning models. A well-acknowledged defense method against such examples is adversarial training, where →