
Transfer of adversarial robustness between perturbation types


May 3, 2019

Publication


Abstract

We study the transfer of adversarial robustness of deep neural networks between different perturbation types. While most work on adversarial examples has focused on L∞ and L2-bounded perturbations, these do not capture all types of perturbations available to an adversary. The present work evaluates 32 attacks of 5 different types against models adversarially trained on a 100-class subset of ImageNet. Our empirical results suggest that evaluating on a wide range of perturbation sizes is necessary to understand whether adversarial robustness transfers between perturbation types. We further demonstrate that robustness against one perturbation type may not always imply and may sometimes hurt robustness against other perturbation types. In light of these results, we recommend evaluation of adversarial defenses take place on a diverse range of perturbation types and sizes.


Authors

Daniel Kang, Yi Sun, Tom Brown, Dan Hendrycks, Jacob Steinhardt
