We evaluate the transfer attacks in this setting and propose a specialized defense method based on a game-theoretic perspective.
Based on this, we are able to predict the upper limit of OOD robustness for existing robust training schemes.
We present a neural network architecture designed to naturally learn a positional embedding and overcome the spectral bias towards lower frequencies faced by conventional implicit neural representation networks.
In this work, we propose the REAP (REalistic Adversarial Patch) benchmark, a digital benchmark that allows the user to evaluate patch attacks on real images, and under real-world conditions.
Decision-based attacks construct adversarial examples against a machine learning (ML) model by making only hard-label queries.
We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification.
On a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point.
On a high level, the search radius expands to the nearby Voronoi cells until we find a cell that classifies differently from the input point.
This leads to a significant improvement in both clean accuracy and robustness compared to AT, TRADES, and other baselines.
A large body of recent work has investigated the phenomenon of evasion attacks using adversarial examples for deep learning systems, where the addition of norm-bounded perturbations to the test inputs leads to incorrect output classification.
In this paper, we propose and examine security attacks against sign recognition systems for Deceiving Autonomous caRs with Toxic Signs (we call the proposed attacks DARTS).
Our attack pipeline generates adversarial samples which are robust to the environmental conditions and noisy image transformations present in the physical world.
As an initial assessment, over 480,000 labeled virtual images of normal highway driving were readily generated in Grand Theft Auto V's virtual environment.
We propose the use of data transformations as a defense against evasion attacks on ML classifiers.