5,321
edits
Adversarial Examples: Difference between revisions
no edit summary
(Created page with "An adversarial example tries to trick a neural network by applying a small worst-case perturbation to a real example.") |
No edit summary |
||
| Line 1: | Line 1: | ||
An adversarial example tries to trick a neural network by applying a small worst-case perturbation to a real example. | An adversarial example tries to trick a neural network by applying a small worst-case perturbation to a real example. | ||
These were also introduced by Ian Goodfellow | |||
==Attacks== | |||
===Fast Gradient Sign Method=== | |||
The fast gradient sign method (FGSM) using the sign of the gradient times a unit vector as the perturbation. | |||
===Projected Gradient Descent=== | |||
Basic idea: Do gradient descent. If you go too far from your example, project it back into your perturbation range. | |||