Samangouei P, Kabkab M, Chellappa R. Defense-gan: Protecting classifiers against adversarial attacks using generative models[J]. arXiv preprint arXiv:1805.06605, 2018.
1. Overview
In this paper, it proposed Defense-GAN methods
- train to model the distribution of unperturbed images
- does not assume knowledge of the process for generating the adversarial examples
- effective against both white-box and black-box attacks
1.1. Defense Type
- modify the training data: adversarial training
modify the training procedure of the classifier to reduce the magnitude of gradients: defensive distilation
remove the adversarial noise
1.2. Attack Type
- FGSM
RAND+FGSM
C&W
- Iterative FGSM
- Jacobian-based Saliency Map Attack (JSMA)
- Deepfool
1.3. Algorithm
