softsys4ai / athena

Athena: A Framework for Defending Machine Learning Systems Against Adversarial Attacks
https://softsys4ai.github.io/athena/
MIT License

Make current defense approaches (ensemble models) not depend on a specific AE type #13

Closed oceank closed 4 years ago

oceank commented 5 years ago

Approach 1: add randomness (random noise) to AEs and then use them to train ensemble models

Approach 2: use the strongest type of AEs to build ensemble models for defense

MENG2010 commented 4 years ago

The new defense strategies do not depend on adversaries, i.e., the new strategies do not make any assumption about the adversarial attacks used to generate the AEs.