Combating Adversarial Attacks Using Sparse Representations
From MaRDI portal
Publication:6298884
arXiv: 1803.03880, MaRDI QID: Q6298884
Author name not available
Publication date: 10 March 2018
Abstract: It is by now well-known that small adversarial perturbations can induce classification errors in deep neural networks (DNNs). In this paper, we make the case that sparse representations of the input data are a crucial tool for combating such attacks. For linear classifiers, we show that a sparsifying front end is provably effective against -bounded attacks, reducing output distortion due to the attack by a factor of roughly where is the data dimension and is the sparsity level. We then extend this concept to DNNs, showing that a "locally linear" model can be used to develop a theoretical foundation for crafting attacks and defenses. Experimental results for the MNIST dataset show the efficacy of the proposed sparsifying front end.
Has companion code repository: https://github.com/ZhinusMarzi/Sparsity-based-defenses-against-adversarial-attacks