Line 764: | Line 764: | ||
This is an ill-posed question. | This is an ill-posed question. | ||
It depends on the data distribution, threat model, and hypothesis class. | It depends on the data distribution, threat model, and hypothesis class. | ||
===Functional Adversarial Attacks=== | |||
Idea is to apply a global change to the image. E.g. every blue pixel becomes brighter and every green pixel becomes grayer. | |||
===Adversarial Training=== | |||
Apply training on the worst perturbation. | |||
E.g. Solve using alternating SGD + PGD. | |||
Adversarial training is couples with an attack type. | |||
==Misc== | ==Misc== |
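Review bot: In the added Adversarial Training lines, "Adversarial training is couples with an attack type" has a typo ("couples" should be "coupled"), and "E.g. Solve using alternating SGD + PGD" never says what is being solved. Suggest naming the optimization problem that the alternating SGD and PGD steps address, and stating that "the worst perturbation" means the worst one allowed by the threat model mentioned in the context line above ("It depends on the data distribution, threat model, and hypothesis class"). In the Functional Adversarial Attacks line, "Idea is to apply a global change" reads better as "The idea is to apply a global change", and the section would benefit from one sentence on how a global change differs from the per-pixel perturbations assumed elsewhere in the notes.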