davidslater
commented
4 years ago For examples, I was thinking that we could do a simple network transformation defense. We could take a pretrained resnet and replace the ReLU activations with ReLU6 (or similar hardtanh) with some max value (ostensibly, to prevent adversarial examples from generating very large activations).
Should be reasonbly straightforward, similar to: https://gist.github.com/chauhan-utk/40d25e60cfd6d2a393e34cfcb7eb25f6
It'd be nice to have an example for the demonstration