MagNet and "Efficient Defenses Against Adversarial Attacks" are Not   Robust to Adversarial Examples

Nicholas Carlini; David Wagner

arXiv:1711.08478·cs.LG·November 27, 2017·140 cites

MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples

Nicholas Carlini, David Wagner

PDF

Open Access 1 Repo

TL;DR

This paper demonstrates that MagNet and similar defenses against adversarial examples are vulnerable, as adversaries can craft examples that bypass these defenses with minimal additional distortion.

Contribution

It reveals the fragility of MagNet and similar defenses, showing they are not robust against carefully constructed adversarial examples.

Findings

01

Adversarial examples can defeat MagNet with slight distortion

02

MagNet and similar defenses are not robust to adversarial attacks

03

Minimal increase in distortion can bypass these defenses

Abstract

MagNet and "Efficient Defenses..." were recently proposed as a defense to adversarial examples. We find that we can construct adversarial examples that defeat these defenses with only a slight increase in distortion.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Code & Models

Repositories

carlini/breaking_efficient_defenses
tfOfficial

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdversarial Robustness in Machine Learning · Forensic and Genetic Research · Ion-surface interactions and analysis