Extend Ensemble Adversarial Training by Conventional Input Rectification

Caryox / adversarial-robustness

Robustness of Adversial Neural Networks

3 stars 0 forks source link

Extend Ensemble Adversarial Training by Conventional Input Rectification #9

Closed daniel-knape closed 1 year ago

daniel-knape commented 2 years ago

Read paper
Create the code

daniel-knape commented 2 years ago

21h estimated

Caryox commented 2 years ago

In order to mitigate the adversarial effects, Xu et al. [75] first utilize two squeezing (denoising) methods—bit-reduction and image-blurring—to reduce the degrees of freedom and remove the adversarial perturbations.

We have to check, if bit reduction is suitable because we are using already 8bit Images. Maybe we just use 2 bit for only black/white without grey shades? Or make image squeezing parameters callable to modify image squeezes different for eacht ensemble call.

Caryox commented 2 years ago

Use data extractor function to manipulate data after data loader is initialized
Check if image rectification is static or dynamic for each batch (should we always blurr images the same amount or is the blurring randomized?)

Caryox commented 2 years ago

https://arxiv.org/pdf/1705.10686.pdf

Use color depth manipulation and median smoothing

Caryox commented 2 years ago

Testing phase, functionality is given for single network. Next phase is to use image rectification for ensemble