
arxiv: 1905.01034 · v1 · submitted 2019-05-03 · cs.LG · cs.AI · cs.CR · stat.ML

Recognition: unknown

Transfer of Adversarial Robustness Between Perturbation Types

keywords: perturbation, types, adversarial, robustness, different, perturbations, range, results

We study the transfer of adversarial robustness of deep neural networks between different perturbation types. While most work on adversarial examples has focused on $L_\infty$ and $L_2$-bounded perturbations, these do not capture all types of perturbations available to an adversary. The present work evaluates 32 attacks of 5 different types against models adversarially trained on a 100-class subset of ImageNet. Our empirical results suggest that evaluating on a wide range of perturbation sizes is necessary to understand whether adversarial robustness transfers between perturbation types. We further demonstrate that robustness against one perturbation type may not always imply and may sometimes hurt robustness against other perturbation types. In light of these results, we recommend evaluation of adversarial defenses take place on a diverse range of perturbation types and sizes.

This paper has not been read by Pith yet.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Quantum Patches: Enhancing Robustness of Quantum Machine Learning Models

    quant-ph 2026-04 unverdicted novelty 6.0

    Random quantum circuits used as adversarial training data reduce successful attack rates on QML models for CIFAR-10 from 89.8% to 68.45% and for CINIC-10 from 94.23% to 78.68%.