تقرير
Adversarial Training against Location-Optimized Adversarial Patches
| العنوان: | Adversarial Training against Location-Optimized Adversarial Patches |
|---|---|
| المؤلفون: | Rao, Sukrut, Stutz, David, Schiele, Bernt |
| المصدر: | Bartoli, A., Fusiello, A. (eds) Computer Vision - ECCV 2020 Workshops. ECCV 2020. Lecture Notes in Computer Science, vol 12539. Springer, Cham |
| سنة النشر: | 2020 |
| المجموعة: | Computer Science Statistics |
| مصطلحات موضوعية: | Computer Science - Computer Vision and Pattern Recognition, Computer Science - Cryptography and Security, Computer Science - Machine Learning, Statistics - Machine Learning |
| الوصف: | Deep neural networks have been shown to be susceptible to adversarial examples -- small, imperceptible changes constructed to cause mis-classification in otherwise highly accurate image classifiers. As a practical alternative, recent work proposed so-called adversarial patches: clearly visible, but adversarially crafted rectangular patches in images. These patches can easily be printed and applied in the physical world. While defenses against imperceptible adversarial examples have been studied extensively, robustness against adversarial patches is poorly understood. In this work, we first devise a practical approach to obtain adversarial patches while actively optimizing their location within the image. Then, we apply adversarial training on these location-optimized adversarial patches and demonstrate significantly improved robustness on CIFAR10 and GTSRB. Additionally, in contrast to adversarial training on imperceptible adversarial examples, our adversarial patch training does not reduce accuracy. Comment: 20 pages, 6 tables, 4 figures, 2 algorithms, European Conference on Computer Vision Workshops 2020 |
| نوع الوثيقة: | Working Paper |
| DOI: | 10.1007/978-3-030-68238-5_32 |
| URL الوصول: | http://arxiv.org/abs/2005.02313 |
| رقم الأكسشن: | edsarx.2005.02313 |
| قاعدة البيانات: | arXiv |
كن أول من يترك تعليقا!