# Defending Against Universal Perturbations With Shared Adversarial Training

**Authors:** Chaithanya Kumar Mummadi, Thomas Brox, Jan Hendrik Metzen

arXiv: 1812.03705 · 2019-08-14

## TL;DR

This paper extends adversarial training to better defend deep neural networks against universal perturbations, where the same perturbation must fool the classifier on many inputs. Universal perturbations that still fool a model hardened this way become clearly perceptible.

## Contribution

It demonstrates that adversarial training is more effective against universal perturbations and proposes an extension of adversarial training that balances robustness against performance on unperturbed data.

## Key findings

- Universal perturbations become perceptible after robust training.
- Adversarial training reduces the success rate of universal attacks.
- The trade-off between robustness and accuracy is addressed.

## Abstract

Classifiers such as deep neural networks have been shown to be vulnerable against adversarial perturbations on problems with high-dimensional input space. While adversarial training improves the robustness of image classifiers against such adversarial perturbations, it leaves them sensitive to perturbations on a non-negligible fraction of the inputs. In this work, we show that adversarial training is more effective in preventing universal perturbations, where the same perturbation needs to fool a classifier on many inputs. Moreover, we investigate the trade-off between robustness against universal perturbations and performance on unperturbed data and propose an extension of adversarial training that handles this trade-off more gracefully. We present results for image classification and semantic segmentation to showcase that universal perturbations that fool a model hardened with adversarial training become clearly perceptible and show patterns of the target scene.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.03705/full.md

## Figures

27 figures with captions in the complete paper: https://tomesphere.com/paper/1812.03705/full.md

## References

50 references — full list in the complete paper: https://tomesphere.com/paper/1812.03705/full.md

---
Source: https://tomesphere.com/paper/1812.03705