# Dropping Pixels for Adversarial Robustness

**Authors:** Hossein Hosseini, Sreeram Kannan, Radha Poovendran

arXiv: 1905.00180 · 2019-05-02

## TL;DR

This paper introduces a method of improving neural network robustness against adversarial attacks by training and testing with randomly subsampled images, which enhances robustness across multiple perturbation types with minimal accuracy loss.

## Contribution

The paper proposes a novel pixel subsampling technique that enhances adversarial robustness without requiring adversarial training, providing a simple yet effective defense method.

## Key findings

- Significant robustness improvement against L0, L2, and L_inf attacks.
- Minimal reduction in standard accuracy.
- Subsampling acts as a set of robust features.

## Abstract

Deep neural networks are vulnerable against adversarial examples. In this paper, we propose to train and test the networks with randomly subsampled images with high drop rates. We show that this approach significantly improves robustness against adversarial examples in all cases of bounded L0, L2 and L_inf perturbations, while reducing the standard accuracy by a small value. We argue that subsampling pixels can be thought to provide a set of robust features for the input image and, thus, improves robustness without performing adversarial training.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.00180/full.md

## Figures

140 figures with captions in the complete paper: https://tomesphere.com/paper/1905.00180/full.md

## References

30 references — full list in the complete paper: https://tomesphere.com/paper/1905.00180/full.md

---
Source: https://tomesphere.com/paper/1905.00180