Combating Adversaries with Anti-adversaries
Authors
Abstract
Deep neural networks are vulnerable to small input perturbations known as adversarial attacks. Inspired by the fact that these adversaries are constructed by iteratively minimizing the confidence of a network for the true class label, we propose the anti-adversary layer, aimed at countering this effect. In particular, our layer generates an input perturbation in the opposite direction of the adversarial one and feeds the classifier a perturbed version of the input. Our approach is training-free and theoretically supported. We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models and conduct large-scale experiments from black-box to adaptive attacks on CIFAR10, CIFAR100, and ImageNet. Our layer significantly enhances model robustness while coming at no cost to clean accuracy.
Similar sources
On Dealing with Adversaries Fairly
Peer-to-peer systems are often vulnerable to disruption by minorities. There are several strategies for dealing with this problem, but ultimately many of them come down to some kind of voting or collaborative filtering mechanism. Yet there exists a large literature on voting theory, also known as social choice theory. In this note we outline some of its key results and try to apply them to a nu...
Billion-Gate Secure Computation with Malicious Adversaries
The goal of this paper is to assess the feasibility of two-party secure computation in the presence of a malicious adversary. Prior work has shown the feasibility of billion-gate circuits in the semi-honest model, but only the 35k-gate AES circuit in the malicious model, in part because security in the malicious model is much harder to achieve. We show that by incorporating the best known techn...
Private Web Search with Malicious Adversaries
Web search has become an integral part of our lives and we use it daily for business and pleasure. Unfortunately, however, we unwittingly reveal a huge amount of private information about ourselves when we search the web. A look at a user’s search terms over a period of a few months paints a frighteningly clear and detailed picture about the user’s life. In this paper, we build on previous work...
Log-loss games with bounded adversaries
Worst-case analysis of the game assumes, by definition, that the adversary is trying to minimize the learner’s regret without any restrictions on the resources it uses while doing so. In practice, however, it may not be necessary (or indeed desirable) to get bounds of this kind—real-world data are typically generated by processes of bounded computational power, memory, etc., and it would be use...
Compositional System Security with Interface-Confined Adversaries
This paper presents a formal framework for compositional reasoning about secure systems. A key insight is to view a trusted system in terms of the interfaces that the various components expose: larger trusted components are built by combining interface calls in known ways; the adversary is confined to the interfaces it has access to, but may combine interface calls without restriction. Composit...
Journal
Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence
Year: 2022
ISSN: ['2159-5399', '2374-3468']
DOI: https://doi.org/10.1609/aaai.v36i6.20545