Defensive Distillation is Not Robust to Adversarial Examples
Nicholas Carlini, David Wagner

TL;DR
This paper demonstrates that defensive distillation, previously reported to harden neural networks against adversarial examples, provides no real resistance to targeted misclassification attacks.
Contribution
The paper shows that defensive distillation does not make neural networks more secure against adversarial examples, overturning the robustness previously reported for it.
Findings
Defensive distillation does not improve robustness against targeted misclassification attacks.
Distilled networks are as vulnerable as unprotected ones: the apparent robustness comes from a saturated softmax whose gradients vanish under the original attacks, and an attack that works on the logits instead succeeds against distilled and undistilled models alike.
Defensive distillation should therefore not be relied on as a security mechanism.
Abstract
We show that defensive distillation is not secure: it is no more resistant to targeted misclassification attacks than unprotected neural networks.
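The result stated above rests on an observation the paper makes about the defense: a network distilled at temperature T and then run at temperature 1 produces logits roughly T times larger than an undistilled network's, so its softmax saturates and the gradients that existing attacks differentiate become exactly zero in 32-bit arithmetic; working on the logits instead of the saturated softmax output brings the gradient back. The following pure-Python example is added here to illustrate that argument and is not the paper's code. The 3-class linear model, the input X0, the float32-rounded softmax standing in for a 32-bit inference framework, and the iterative sign-gradient targeted attack are all constructed stand-ins; the distilled network is modelled by scaling the base logits by T, and attack_T is the attacker's choice to divide the logits by that temperature before the softmax.

```python
"""Added illustration (not the paper's code) of the mechanism behind the
result: a distilled network's softmax saturates, so gradients of the softmax
output vanish, but gradients taken on the logits (divided by the distillation
temperature) do not.  Model, input and attack are all constructed toys."""
import math
import struct

# Constructed 3-class linear classifier on 4 inputs: logits z = W x.
W = [
    [1.0, 0.5, -0.5, 0.0],
    [-0.5, 1.0, 0.5, -0.5],
    [0.0, -0.5, 1.0, 0.5],
]
X0 = [1.5, 0.0, 0.0, 0.0]  # constructed input, classified as class 0
TARGET = 2                 # class the attacker wants the model to output
DISTILL_T = 100.0          # distillation temperature (the setting the paper attacks)


def f32(v):
    """Round to IEEE-754 single precision, as a float32 framework would store it."""
    return struct.unpack("f", struct.pack("f", v))[0]


def logits(x, scale):
    """Pre-softmax outputs.  A network distilled at temperature T and run at
    T=1 yields logits about T times larger than an undistilled network's,
    modelled here as scale=T (scale=1 is the unprotected network)."""
    return [scale * sum(w * xi for w, xi in zip(row, x)) for row in W]


def softmax_f32(z):
    """Stable softmax with each intermediate rounded to float32.  Once logits
    differ by more than about 100, exp() underflows to exactly 0.0 and the
    output becomes a one-hot vector."""
    m = max(z)
    e = [f32(math.exp(zi - m)) for zi in z]
    s = f32(sum(e))
    return [f32(ei / s) for ei in e]


def grad_target_prob(x, scale, attack_T):
    """Gradient of F_t(x) = softmax(z(x) / attack_T)_t with respect to x, the
    quantity JSMA-style attacks differentiate.  Chain rule through the softmax:
    dF_t/dz_i = F_t * (delta_ti - F_i) and dz_i/dx_j = scale * W_ij / attack_T."""
    p = softmax_f32([zi / attack_T for zi in logits(x, scale)])
    mean_w = [sum(p[i] * W[i][j] for i in range(len(W))) for j in range(len(x))]
    return [p[TARGET] * (W[TARGET][j] - mean_w[j]) * scale / attack_T
            for j in range(len(x))]


def predict(x, scale):
    z = logits(x, scale)
    return z.index(max(z))


def targeted_attack(scale, attack_T=1.0, step=0.1, max_iter=50):
    """Iterative sign-gradient ascent on the target-class probability.
    Returns (success, steps taken, L-infinity distance from X0)."""
    x = list(X0)
    for it in range(1, max_iter + 1):
        g = grad_target_prob(x, scale, attack_T)
        if all(gi == 0.0 for gi in g):
            # Saturated softmax: the gradient is exactly zero, so the attack
            # has no direction to move in.  This is what made distillation
            # look robust to the original attacks.
            return False, it - 1, 0.0
        x = [xi + step * ((gi > 0) - (gi < 0)) for xi, gi in zip(x, g)]
        if predict(x, scale) == TARGET:
            return True, it, max(abs(a - b) for a, b in zip(x, X0))
    return False, max_iter, max(abs(a - b) for a, b in zip(x, X0))


def compare():
    """The three cases the paper's argument turns on."""
    return {
        # unprotected network, attack on the softmax output: succeeds
        "undistilled": targeted_attack(scale=1.0),
        # distilled network, same attack: gradient vanishes, looks robust
        "distilled_softmax_attack": targeted_attack(scale=DISTILL_T),
        # distilled network, logits divided by T before the softmax: succeeds
        # with exactly the same perturbation as against the unprotected network
        "distilled_logit_attack": targeted_attack(scale=DISTILL_T, attack_T=DISTILL_T),
    }


if __name__ == "__main__":
    for name, (ok, steps, linf) in compare().items():
        print(f"{name:25s} success={ok} steps={steps} linf={linf:.2f}")
```

The point to take from the three runs is the last one: once the attacker divides the logits by the distillation temperature, the distilled model falls to the same perturbation, in the same number of steps, as the unprotected model. The defense changed what the original attacks could measure, not where the adversarial examples are.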
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Domain Adaptation and Few-Shot Learning
