On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses
Anish Athalye, Nicholas Carlini

TL;DR
This paper critically evaluates two white-box adversarial defenses from CVPR 2018, demonstrating their ineffectiveness by reducing model accuracy to zero with existing attack techniques.
Contribution
It provides an empirical assessment showing that the defenses are not robust against current adversarial attack methods.
Findings
Defenses from CVPR 2018 are ineffective against white-box attacks.
Existing attack techniques can reduce defended model accuracy to 0%.
Highlights the need for more robust adversarial defense strategies.
Abstract
Neural networks are known to be vulnerable to adversarial examples. In this note, we evaluate the two white-box defenses that appeared at CVPR 2018 and find they are ineffective: when applying existing techniques, we can reduce the accuracy of the defended models to 0%.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security · Cryptographic Implementations and Security
