# Random Spiking and Systematic Evaluation of Defenses Against Adversarial Examples

**Authors:** Huangyi Ge, Sze Yiu Chau, Bruno Ribeiro, Ninghui Li

arXiv: 1812.01804 · 2020-01-22

## TL;DR

This paper introduces Random Spiking, a novel defense against adversarial examples in image classifiers, together with an evaluation framework for comparing defenses and a more powerful, more realistic adversary strategy. Under that framework, Random Spiking gives better protection than many existing defenses.

## Contribution

The paper proposes Random Spiking as a new defense mechanism, along with a systematic evaluation framework that uses a stronger adversary model to assess defenses.

## Key findings

- Random Spiking outperforms many existing defenses.
- The evaluation framework reveals the effectiveness of defenses against realistic adversaries.
- A more powerful adversary strategy is introduced for testing robustness.

## Abstract

Image classifiers often suffer from adversarial examples, which are generated by strategically adding a small amount of noise to input images to trick classifiers into misclassification. Over the years, many defense mechanisms have been proposed, and different researchers have made seemingly contradictory claims on their effectiveness. We present an analysis of possible adversarial models, and propose an evaluation framework for comparing different defense mechanisms. As part of the framework, we introduce a more powerful and realistic adversary strategy. Furthermore, we propose a new defense mechanism called Random Spiking (RS), which generalizes dropout and introduces random noises in the training process in a controlled manner. Evaluations under our proposed framework suggest RS delivers better protection against adversarial examples than many existing schemes.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.01804/full.md

## Figures

21 figures with captions in the complete paper: https://tomesphere.com/paper/1812.01804/full.md

## References

44 references — full list in the complete paper: https://tomesphere.com/paper/1812.01804/full.md

---
Source: https://tomesphere.com/paper/1812.01804