Exploiting the Inherent Limitation of L0 Adversarial Examples on ShortScience.org

www.usenix.org
sci-hub
scholar.google.com

Exploiting the Inherent Limitation of L0 Adversarial Examples
Zuo, Fei and Yang, Bokai and Li, Xiaopeng and Zeng, Qiang
USENIX Association RAID - 2019 via Local Bibsonomy
Keywords: dblp

Summaries/Notes 1

[link] Summary by David Stutz 4 years ago

Zuo et al. propose a two-stage system for detecting $L_0$ adversarial examples. Their system is based on the following two observations: (a) $L_0$ adversarial examples often result in very drastic changes of individual pixels and (b) these pixels are usually isolated and scattered over the image. Thus, they propose to train a siamese network to detect adversarial examples. To this end, they use a pre-processor and train the network to detect adversarial examples by taking the input and the pre-processed input. The pre-processing is assumed to influence benign images only slightly. In their case, an inpainting mechanism is used. Specifically, pixels where one color channel exhibits extremely small or large values are inpainted using any state-of-the-art approach, as shown in Figure 1. The siamese network learns to detect adversarial examples based on the differences in input images and inpainted images.

https://i.imgur.com/gsgWuin.jpg
Figure 1: Examples of inpainted $L_0$ adversarial examples.

Also find this summary at [davidstutz.de](https://davidstutz.de/category/reading/).

Your comment:

Write your summary here (You can use $\LaTeX$ and markdown syntax):

Anon Private