Adversarial Defense
123 papers with code • 9 benchmarks • 6 datasets
Competitions with currently unpublished results:
Benchmarks
These leaderboards are used to track progress in Adversarial Defense
| Trend | Dataset | Best Model | Paper | Code | Compare |
|---|---|---|---|---|---|
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
Libraries
Use these libraries to find Adversarial Defense models and implementations
CIFAR-10
ImageNet
MNIST
CIFAR-100
miniImageNet
Icons-50
Most implemented papers
Towards Deep Learning Models Resistant to Adversarial Attacks
MadryLab/mnist_challenge
•
•
ICLR 2018
Its principled nature also enables us to identify methods for both training and attacking neural networks that are reliable and, in a certain sense, universal.
Technical Report on the CleverHans v2.1.0 Adversarial Examples Library
An adversarial example library for constructing attacks, building defenses, and benchmarking both
The Limitations of Deep Learning in Adversarial Settings
In this work, we formalize the space of adversaries against deep neural networks (DNNs) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
Benchmarking Neural Network Robustness to Common Corruptions and Perturbations
hendrycks/robustness
•
•
ICLR 2019
Then we propose a new dataset called ImageNet-P which enables researchers to benchmark a classifier's robustness to common perturbations.
Certified Adversarial Robustness via Randomized Smoothing
We show how to turn any classifier that classifies well under Gaussian noise into a new classifier that is certifiably robust to adversarial perturbations under the $\ell_2$ norm.
Adversarial Training for Free!
mahyarnajibi/FreeAdversarialTraining
•
•
NeurIPS 2019
Adversarial training, in which a network is trained on adversarial examples, is one of the few defenses against adversarial attacks that withstands strong attacks.
ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models
However, different from leveraging attack transferability from substitute models, we propose zeroth order optimization (ZOO) based attacks to directly estimate the gradients of the targeted DNN for generating adversarial examples.
Theoretically Principled Trade-off between Robustness and Accuracy
yaodongyu/TRADES
•
•
We identify a trade-off between robustness and accuracy that serves as a guiding principle in the design of defenses against adversarial examples.
AOGNets: Compositional Grammatical Architectures for Deep Learning
This paper presents deep compositional grammatical architectures which harness the best of two worlds: grammar models and DNNs.
Certified Defenses against Adversarial Examples
While neural networks have achieved high accuracy on standard image classification benchmarks, their accuracy drops to nearly zero in the presence of small adversarial perturbations to test inputs.
