Training ensembles to detect adversarial examples

A Bagnall, R Bunescu, G Stewart - arXiv preprint arXiv:1712.04006, 2017 - arxiv.org
We propose a new ensemble method for detecting and classifying adversarial examples generated by state-of-the-art attacks, including DeepFool and C&W. Our method works by training the members of an ensemble to have low classification error on random benign examples while simultaneously minimizing agreement on examples outside the training distribution. We evaluate on both MNIST and CIFAR-10, against oblivious and both white- and black-box adversaries.
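The training objective the abstract describes, worked through on a toy problem. This is an added example, not code from the paper or its authors: the abstract does not give the loss, so the agreement measure (the dot product of two members' softmax outputs), the model class (linear softmax members over a fixed radial-basis feature map rather than the paper's networks), the update scheme (each member is stepped with the others held fixed) and the data (constructed 2-D clusters, with far-away random points standing in for "examples outside the training distribution") are all assumptions. No DeepFool or C&W examples are generated; the detector is only shown on the constructed out-of-distribution points.

```python
import math
import random

K = 3   # classes
M = 3   # ensemble members

# Fixed 3x3 grid of radial-basis centers; this feature map is an assumption
# for the toy, not the convolutional networks the paper trains.
CENTERS = [(cx, cy) for cx in (-2.0, 0.0, 2.0) for cy in (-2.0, 0.0, 2.0)]
D = len(CENTERS) + 1  # RBF features plus one constant bias feature


def features(x):
    """RBF features of a 2-D point plus a constant 1.0 so every member has a bias."""
    return [math.exp(-((x[0] - cx) ** 2 + (x[1] - cy) ** 2) / 2.0)
            for cx, cy in CENTERS] + [1.0]


def softmax(z):
    top = max(z)
    e = [math.exp(v - top) for v in z]
    s = sum(e)
    return [v / s for v in e]


def predict(w, phi):
    """Softmax over K linear logits; w is a K x D weight matrix."""
    return softmax([sum(wk[d] * phi[d] for d in range(D)) for wk in w])


def agreement(p, q):
    """Agreement of two class distributions, sum_y p(y) q(y) (assumed measure)."""
    return sum(a * b for a, b in zip(p, q))


def make_data(rng, n_benign=60, n_ood=45):
    """Constructed data: three tight benign clusters and far-away out-of-distribution points."""
    means = [(0.0, 2.0), (-2.0, -1.5), (2.0, -1.5)]
    benign = []
    for _ in range(n_benign):
        y = rng.randrange(K)
        mx, my = means[y]
        benign.append(((mx + rng.gauss(0, 0.3), my + rng.gauss(0, 0.3)), y))
    ood = []
    for _ in range(n_ood):
        r, th = rng.uniform(6.0, 8.0), rng.uniform(0.0, 2.0 * math.pi)
        ood.append((r * math.cos(th), r * math.sin(th)))
    return benign, ood


def train_ensemble(benign, ood, lam=1.0, lr=0.7, epochs=200, seed=0):
    """Cross-entropy on benign data plus lam * mean pairwise agreement on OOD data.
    Each member is updated by full-batch gradient descent with the others held fixed."""
    rng = random.Random(seed)
    W = [[[rng.gauss(0.0, 0.3) for _ in range(D)] for _ in range(K)] for _ in range(M)]
    phi_b = [(features(x), y) for x, y in benign]
    phi_o = [features(x) for x in ood]
    for _ in range(epochs):
        for m in range(M):
            grad = [[0.0] * D for _ in range(K)]
            for phi, y in phi_b:                    # d CE / d logit_k = p_k - 1[k == y]
                p = predict(W[m], phi)
                for k in range(K):
                    g = (p[k] - (1.0 if k == y else 0.0)) / len(phi_b)
                    for d in range(D):
                        grad[k][d] += g * phi[d]
            for phi in phi_o:                       # d (p.q) / d logit_k = p_k (q_k - p.q)
                ps = [predict(w, phi) for w in W]
                for j in range(M):
                    if j == m:
                        continue
                    a = agreement(ps[m], ps[j])
                    for k in range(K):
                        g = lam * ps[m][k] * (ps[j][k] - a) / (len(phi_o) * (M - 1))
                        for d in range(D):
                            grad[k][d] += g * phi[d]
            for k in range(K):
                for d in range(D):
                    W[m][k][d] -= lr * grad[k][d]
    return W


def ensemble_agreement(W, x):
    """Mean pairwise agreement of the members on x; a low value flags the input."""
    phi = features(x)
    ps = [predict(w, phi) for w in W]
    pairs = [(i, j) for i in range(M) for j in range(i + 1, M)]
    return sum(agreement(ps[i], ps[j]) for i, j in pairs) / len(pairs)


def classify_or_flag(W, x, threshold=0.5):
    """Return ('flagged', None) when members disagree, else ('benign', majority-vote class)."""
    if ensemble_agreement(W, x) < threshold:
        return "flagged", None
    phi = features(x)
    votes = [max(range(K), key=lambda k: p[k]) for p in (predict(w, phi) for w in W)]
    return "benign", max(range(K), key=votes.count)


def run_demo(seed=0):
    """Train on the constructed data and score it (training points, for brevity)."""
    rng = random.Random(seed)
    benign, ood = make_data(rng)
    W = train_ensemble(benign, ood, seed=seed)
    return {
        "benign_accuracy": sum(classify_or_flag(W, x) == ("benign", y) for x, y in benign) / len(benign),
        "benign_agreement": sum(ensemble_agreement(W, x) for x, _ in benign) / len(benign),
        "ood_agreement": sum(ensemble_agreement(W, x) for x in ood) / len(ood),
        "ood_flag_rate": sum(classify_or_flag(W, x)[0] == "flagged" for x in ood) / len(ood),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value:.3f}")
```

The agreement penalty only has leverage where the members can still differ without hurting benign accuracy; here that is the bias term, because the RBF features vanish far from the clusters, so the members are pushed to commit to different classes on those inputs while agreeing on the clusters. Note the two caveats the abstract's threat model implies: a white-box adversary who knows all members can search for a perturbation on which they still agree, so the disagreement score is itself an attack surface, and a benign input that happens to fall in a low-agreement region is rejected rather than classified, which is the false-positive cost of the threshold.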