On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses
Abstract
Neural networks are known to be vulnerable to adversarial examples. In this note, we evaluate the two white-box defenses that appeared at CVPR 2018 and find they are ineffective: when applying existing techniques, we can reduce the accuracy of the defended models to 0%.
- Publication: arXiv e-prints
- Pub Date: April 2018
- DOI: 10.48550/arXiv.1804.03286
- arXiv: arXiv:1804.03286
- Bibcode: 2018arXiv180403286A
- Keywords: Computer Science - Computer Vision and Pattern Recognition; Computer Science - Cryptography and Security; Computer Science - Machine Learning; Statistics - Machine Learning