92 papers with code • 9 benchmarks • 6 datasets
The principled nature of this formulation also enables us to identify methods for both training and attacking neural networks that are reliable and, in a certain sense, universal.
Ranked #2 on Robust Classification on CIFAR-10
An adversarial example library for constructing attacks, building defenses, and benchmarking both.
In this work, we formalize the space of adversaries against deep neural networks (DNNs) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
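A minimal sketch of this idea: use the model's input-to-output mapping (its Jacobian) to find the input feature whose change most benefits a chosen target class, then perturb that feature greedily, in the spirit of forward-derivative, saliency-based attacks. The toy linear model, the function names, and all numbers below are illustrative assumptions, not the paper's implementation.

```python
# Sketch: craft an adversarial example from a precise understanding of
# the model's input-output mapping. Toy linear model; names are assumed.

def logits(x, W):
    """Toy linear model: class scores are W @ x."""
    return [sum(w_j * x_j for w_j, x_j in zip(row, x)) for row in W]

def saliency_attack(x, W, target, eps=0.5, steps=10):
    """Greedily bump the input feature whose Jacobian entry most
    favors the target class over the competing classes."""
    x = list(x)
    n_classes, n_feats = len(W), len(x)
    for _ in range(steps):
        # For a linear model the Jacobian of the logits is just W.
        # Saliency of feature j: its pull toward the target class,
        # minus its summed pull toward every other class.
        saliencies = [
            W[target][j] - sum(W[c][j] for c in range(n_classes) if c != target)
            for j in range(n_feats)
        ]
        j = max(range(n_feats), key=lambda k: abs(saliencies[k]))
        x[j] += eps if saliencies[j] > 0 else -eps
        scores = logits(x, W)
        if scores.index(max(scores)) == target:
            break  # the model now predicts the target class
    return x

# Two-class toy: the model initially predicts class 0 for x.
W = [[1.0, 0.2], [0.1, 0.9]]
x = [1.0, 0.3]
adv = saliency_attack(x, W, target=1)
```

After a couple of greedy steps the perturbed input is scored higher for the target class than for the originally predicted one.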
Based on this observation, we propose a defense that inspects the graph and recovers the potential adversarial perturbations.
advertorch is a toolbox for adversarial robustness research.
We identify obfuscated gradients, a kind of gradient masking, as a phenomenon that leads to a false sense of security in defenses against adversarial examples.
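The phenomenon can be sketched numerically: a non-differentiable preprocessing "defense" (here, input quantization) makes the loss surface look flat, so naive gradient-based attacks fail even though the model is not actually robust; approximating the shattered step as the identity on the backward pass (a BPDA-style workaround) recovers a useful gradient. The quantizer, model, and constants below are illustrative assumptions.

```python
# Sketch: gradient masking via non-differentiable preprocessing, and
# the backward-pass approximation that circumvents it. All assumed.

def quantize(x, levels=10):
    """Non-differentiable preprocessing: snap the input to a grid."""
    return round(x * levels) / levels

def model(x):
    """Toy differentiable classifier score."""
    return 3.0 * x - 1.0

def defended(x):
    return model(quantize(x))

def numerical_grad(f, x, h=1e-6):
    return (f(x + h) - f(x - h)) / (2 * h)

x = 0.42
# Through the quantizer, tiny input changes vanish: the gradient is
# zero almost everywhere, so the attack sees a flat loss surface.
masked = numerical_grad(defended, x)

# BPDA-style fix: run the real defense on the forward pass, but
# differentiate as if quantize(x) == x, exposing the true gradient.
bpda = numerical_grad(model, quantize(x))
```

`masked` comes out as exactly 0.0, while `bpda` recovers the underlying model's slope of 3.0; the obfuscated gradient gave a false sense of security.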
This study suggests that adversarial perturbations on images lead to noise in the features constructed by deep networks.
We also propose a new dataset, ImageNet-P, which enables researchers to benchmark a classifier's robustness to common perturbations.
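One way such a perturbation benchmark can score a classifier is by its prediction stability: how often the top-1 prediction flips between consecutive, barely different frames of a perturbation sequence. The metric below is a hedged sketch of that idea, and the prediction sequences are made-up values, not real benchmark data.

```python
# Sketch: a "flip probability" stability metric over perturbation
# sequences. Sequences here are hypothetical model predictions.

def flip_probability(pred_sequences):
    """Fraction of consecutive-frame pairs whose prediction changes."""
    flips = total = 0
    for preds in pred_sequences:
        for prev, cur in zip(preds, preds[1:]):
            flips += prev != cur
            total += 1
    return flips / total

# Top-1 predictions over two short sequences of gradually perturbed
# frames: a stable model flips rarely, a brittle one flips constantly.
stable  = flip_probability([[3, 3, 3, 3], [7, 7, 7, 7]])
brittle = flip_probability([[3, 5, 3, 9], [7, 1, 7, 1]])
```

Here `stable` evaluates to 0.0 and `brittle` to 1.0; lower is better.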
Ranked #10 on Domain Generalization on ImageNet-C
We identify a trade-off between robustness and accuracy that serves as a guiding principle in the design of defenses against adversarial examples.
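The trade-off can be demonstrated on a 1-D toy problem: the decision threshold that maximizes clean accuracy is not the one that maximizes accuracy under worst-case bounded perturbations, so hardening the classifier costs clean accuracy. The dataset, epsilon, and thresholds below are illustrative assumptions, not the paper's construction.

```python
# Sketch: robustness vs. accuracy for a 1-D threshold classifier.
# Points are (feature, label); an adversary may shift x by up to EPS.

DATA = [(0.0, 0), (0.1, 0), (0.45, 0), (0.55, 1), (0.9, 1), (1.0, 1)]
EPS = 0.1

def clean_acc(t):
    """Accuracy of 'predict 1 iff x >= t' on unperturbed inputs."""
    return sum((x >= t) == bool(y) for x, y in DATA) / len(DATA)

def robust_acc(t):
    """Accuracy when each x may be adversarially shifted by up to EPS."""
    correct = 0
    for x, y in DATA:
        # Worst case: class-0 points pushed up, class-1 points pushed down.
        worst = x + EPS if y == 0 else x - EPS
        correct += (worst >= t) == bool(y)
    return correct / len(DATA)

t_clean = 0.5   # separates the classes perfectly on clean data
t_robust = 0.6  # sacrifices one clean point for robustness
```

With these numbers, `t_clean` achieves 100% clean accuracy but only 4/6 robust accuracy, while `t_robust` achieves 5/6 on both: improving robustness strictly lowered clean accuracy, which is the trade-off the defense design must navigate.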
Ranked #3 on Adversarial Attack on CIFAR-10