On the Effectiveness of Defensive Distillation
Nicolas Papernot, Patrick McDaniel

TL;DR
This paper demonstrates that defensive distillation effectively reduces the success of various adversarial attacks on neural networks, including both fast gradient sign and Jacobian-based iterative methods.
Contribution
It provides experimental evidence that defensive distillation is a robust defense mechanism against multiple adversarial attack techniques.
Findings
Defensive distillation mitigates fast gradient sign attacks.
It also defends against Jacobian-based iterative attacks.
The method is effective against both attack types evaluated.
Abstract
We report experimental results indicating that defensive distillation successfully mitigates adversarial samples crafted using the fast gradient sign method, in addition to those crafted using the Jacobian-based iterative attack on which the defense mechanism was originally evaluated.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Fault Detection and Control Systems · Computational Drug Discovery Methods
