关于对抗性样本防御的自适应攻击

Feb, 2020

On Adaptive Attacks to Adversarial Example Defenses

Florian Tramer, Nicholas Carlini, Wieland Brendel, Aleksander Madry

TL;DR本文探讨了13种已在相关会议上发表的对抗性防御方法对抗自适应攻击方法的实验结果，发现这些方法在实际运用中并不完善，因此提出了一种可行的自适应攻击方法，希望能够为研究更为健壮的防御模型提供指导。

Abstract

adaptive attacks have (rightfully) become the de facto standard for evaluating defenses to adversarial examples. We find, however, that ty