Labels Predicted by AI
Model robustness guarantees, Adversarial example detection, Robustness improvement methods
Abstract
The Madry Lab recently hosted a competition designed to test the robustness of their adversarially trained MNIST model. Attacks were constrained to perturb each pixel of the input image by a scaled maximal L∞ distortion ϵ = 0.3. This discourages the use of attacks which are not optimized on the L∞ distortion metric. Our experimental results demonstrate that by relaxing the L∞ constraint of the competition, the elastic-net attack to deep neural networks (EAD) can generate transferable adversarial examples which, despite their high average L∞ distortion, have minimal visual distortion. These results call into question the use of L∞ as a sole measure for visual distortion, and further demonstrate the power of EAD at generating robust adversarial examples.