STUDY SPACE
MagNet: a Two-Pronged Defense against Adversarial Examples

MagNet: a Two-Pronged Defense against Adversarial Examples

11 Sep 2017 | Dongyu Meng, Hao Chen
MagNet is a two-pronged defense framework against adversarial examples. It does not modify the target classifier or require knowledge of the adversarial generation process. MagNet includes detector networks that learn to distinguish normal and adversarial examples by approximating the manifold of normal examples, and a reformer network that moves adversarial examples toward the normal manifold. The detector networks generalize well because they do not assume a specific adversarial generation process. The reformer network effectively classifies adversarial examples with small perturbations by approximating the normal manifold. MagNet also addresses whitebox and graybox attacks. It uses diversity to strengthen its defense, inspired by cryptographic principles. MagNet is effective against advanced blackbox and graybox attacks without increasing the false positive rate on normal examples. It is evaluated on MNIST and CIFAR-10 datasets, showing high accuracy against adversarial examples generated by various attacks, including Carlini's attack. MagNet's performance is robust across different confidence levels and attack types, demonstrating its effectiveness and generalization.MagNet is a two-pronged defense framework against adversarial examples. It does not modify the target classifier or require knowledge of the adversarial generation process. MagNet includes detector networks that learn to distinguish normal and adversarial examples by approximating the manifold of normal examples, and a reformer network that moves adversarial examples toward the normal manifold. The detector networks generalize well because they do not assume a specific adversarial generation process. The reformer network effectively classifies adversarial examples with small perturbations by approximating the normal manifold. MagNet also addresses whitebox and graybox attacks. It uses diversity to strengthen its defense, inspired by cryptographic principles. MagNet is effective against advanced blackbox and graybox attacks without increasing the false positive rate on normal examples. It is evaluated on MNIST and CIFAR-10 datasets, showing high accuracy against adversarial examples generated by various attacks, including Carlini's attack. MagNet's performance is robust across different confidence levels and attack types, demonstrating its effectiveness and generalization.
Terms of Service
Privacy Policy
Reach us at info@study.space