We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.LG
< prev | next >
new | recent | 2004

Change to browse by:

cs
cs.CR
stat
stat.ML

References & Citations

DBLP - CS Bibliography

listing | bibtex

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo

Computer Science > Machine Learning

Title: Improved Image Wasserstein Attacks and Defenses

Authors: Edward J. Hu, Adith Swaminathan, Hadi Salman, Greg Yang
(Submitted on 26 Apr 2020 (v1), last revised 9 May 2023 (this version, v2))
Abstract: Robustness against image perturbations bounded by a $\ell_p$ ball have been well-studied in recent literature. Perturbations in the real-world, however, rarely exhibit the pixel independence that $\ell_p$ threat models assume. A recently proposed Wasserstein distance-bounded threat model is a promising alternative that limits the perturbation to pixel mass movements. We point out and rectify flaws in previous definition of the Wasserstein threat model and explore stronger attacks and defenses under our better-defined framework. Lastly, we discuss the inability of current Wasserstein-robust models in defending against perturbations seen in the real world. Our code and trained models are available at this https URL .
Comments: Best paper award at ICLR Trustworthy ML Workshop 2020
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Machine Learning (stat.ML)
Cite as: arXiv:2004.12478 [cs.LG]
  (or arXiv:2004.12478v2 [cs.LG] for this version)

Submission history

From: Edward Hu [view email]
[v1] Sun, 26 Apr 2020 20:50:33 GMT (4264kb,D)
[v2] Tue, 9 May 2023 19:48:02 GMT (2115kb,D)
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)

Link back to: arXiv, form interface, contact.