Extending Defensive Distillation
Nicolas Papernot, Patrick McDaniel

TL;DR
This paper revisits defensive distillation to improve its effectiveness against adversarial examples, highlighting the importance of advanced training techniques in enhancing model robustness.
Contribution
It identifies limitations of existing defensive distillation and proposes improvements to better defend against adversarial attacks.
Findings
Enhanced defense against recent adversarial attacks
Reinforces the significance of training techniques in robustness
Addresses limitations of previous distillation methods
Abstract
Machine learning is vulnerable to adversarial examples: inputs carefully modified to force misclassification. Designing defenses against such inputs remains largely an open problem. In this work, we revisit defensive distillation---which is one of the mechanisms proposed to mitigate adversarial examples---to address its limitations. We view our results not only as an effective way of addressing some of the recently discovered attacks but also as reinforcing the importance of improved training techniques.
Peer Reviews
No public reviews on file for this paper yet.
Code & Models
Videos
No videos yet.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Computational Drug Discovery Methods
