论文标题
关于混淆梯度对随机激活修剪的攻击的勘误
Erratum Concerning the Obfuscated Gradients Attack on Stochastic Activation Pruning
论文作者
论文摘要
随机激活修剪(SAP)(Dhillon等人,2018年)是对对抗性例子的防御,被“混淆的梯度”纸被攻击并发现被发现(Athalye等,2018)。我们发现了重新实施的缺陷,该缺陷会人为地削弱SAP。当正确应用SAP时,建议的攻击无效。但是,我们表明,BPDA攻击技术的新使用仍然可以将SAP的准确性降低到0.1%。
Stochastic Activation Pruning (SAP) (Dhillon et al., 2018) is a defense to adversarial examples that was attacked and found to be broken by the "Obfuscated Gradients" paper (Athalye et al., 2018). We discover a flaw in the re-implementation that artificially weakens SAP. When SAP is applied properly, the proposed attack is not effective. However, we show that a new use of the BPDA attack technique can still reduce the accuracy of SAP to 0.1%.
