AIにより推定されたラベル
※ こちらのラベルはAIによって自動的に追加されました。そのため、正確でないことがあります。
詳細は文献データベースについてをご覧ください。
Abstract
We provide recovery guarantees for compressible signals that have been corrupted with noise and extend the framework introduced in to defend neural networks against ℓ0-norm, ℓ2-norm, and ℓ∞-norm attacks. Our results are general as they can be applied to most unitary transforms used in practice and hold for ℓ0-norm, ℓ2-norm, and ℓ∞-norm bounded noise. In the case of ℓ0-norm noise, we prove recovery guarantees for Iterative Hard Thresholding (IHT) and Basis Pursuit (BP). For ℓ2-norm bounded noise, we provide recovery guarantees for BP and for the case of ℓ∞-norm bounded noise, we provide recovery guarantees for Dantzig Selector (DS). These guarantees theoretically bolster the defense framework introduced in for defending neural networks against adversarial inputs. Finally, we experimentally demonstrate the effectiveness of this defense framework against an array of ℓ0, ℓ2 and ℓ∞ norm attacks.