robust-ml / robust-ml.github.io

A community-run reference for state-of-the-art adversarial example defenses.
https://www.robust-ml.org/
Creative Commons Attribution Share Alike 4.0 International

The Square Attack breaks "Bandlimiting Neural Networks Against Adversarial Attacks" #15

Closed max-andr closed 4 years ago

max-andr commented 4 years ago

Defense: {Bandlimiting Neural Networks Against Adversarial Attacks}

Write-up: {https://arxiv.org/abs/1912.00049}

Authors: {Maksym Andriushchenko, Francesco Croce, Nicolas Flammarion, Matthias Hein}

Code: {https://github.com/max-andr/square-attack/}

Does the code implement the robust-ml API and include pre-trained models: {yes}

Claims: {Under Linf eps=8/255 these models have: 15.8% adversarial accuracy on CIFAR-10 (on 1k points), 0.4% adversarial accuracy on ImageNet (on 1k points). The results were obtained using the Square Attack, which is based on random search. The details can be found in Section 5.2 of our paper (see "Breaking the post-averaging defense").}

anishathalye commented 4 years ago

Thanks for your submission! Always nice to see more analyses :)

Added in 6c4a8c317372ad4b3f530e9c5578d8e0b9f7eba4 and live on the site.