Feature Squeezing Mitigates and Detects Carlini/Wagner Adversarial Examples
Weilin Xu, David Evans, Yanjun Qi

TL;DR
Feature squeezing enhances the robustness of deep learning models against Carlini/Wagner adversarial attacks and aids in their detection, offering a simple yet effective defense mechanism.
Contribution
This paper demonstrates that feature squeezing techniques are effective against the powerful Carlini/Wagner adversarial attacks, extending previous work to new attack methods.
Findings
Feature squeezing significantly reduces the success rate of Carlini/Wagner attacks.
It improves detection of adversarial examples.
It enhances model robustness with simple preprocessing.
Abstract
Feature squeezing is a recently-introduced framework for mitigating and detecting adversarial examples. In previous work, we showed that it is effective against several earlier methods for generating adversarial examples. In this short note, we report on recent results showing that simple feature squeezing techniques also make deep learning models significantly more robust against the Carlini/Wagner attacks, which are the best known adversarial methods discovered to date.
Taxonomy
Topics: Adversarial Robustness in Machine Learning
