Recently, physical domain adversarial attacks have drawn significant attention from the machine learning community. One important attack proposed by Eykholt et al. can fool a classifier by placing black and white stickers on an object such as a road sign. While this attack may pose a significant threat to visual classifiers, there are currently no defenses designed to protect against this attack. In this paper, we propose new defenses that can protect against multi-sticker attacks. We present defensive strategies capable of operating when the defender has full, partial, and no prior information about the attack. By conducting extensive experiments, we show that our proposed defenses can outperform existing defenses against physical attacks when presented with a multi-sticker attack.
翻译:最近,物理领域对抗性攻击引起了机器学习界的极大关注。 Eykholt等人提出的一项重要攻击可以将黑白标签贴在路标等物体上,从而欺骗分类者。虽然这次攻击可能对视觉分类者构成重大威胁,但目前没有旨在防范这种攻击的防御措施。在本文中,我们提出了新的防御措施,可以防范多棒攻击。我们提出了防御战略,在辩护人完全、部分和事先没有关于攻击的任何信息的情况下可以操作。通过进行广泛的实验,我们表明我们提议的防御措施可以超过现有的防御措施,在多棒攻击时可以防止人身攻击。
相关内容
- Today (iOS and OS X): widgets for the Today view of Notification Center
- Share (iOS and OS X): post content to web services or share content with others
- Actions (iOS and OS X): app extensions to view or manipulate inside another app
- Photo Editing (iOS): edit a photo or video in Apple's Photos app with extensions from a third-party apps
- Finder Sync (OS X): remote file storage in the Finder with support for Finder content annotation
- Storage Provider (iOS): an interface between files inside an app and other apps on a user's device
- Custom Keyboard (iOS): system-wide alternative keyboards
Source: iOS 8 Extensions: Apple’s Plan for a Powerful App Ecosystem
微信扫码咨询专知VIP会员