pith. sign in

arxiv: 1812.05013 · v1 · pith:QKRAJCYNnew · submitted 2018-12-12 · 💻 cs.LG · cs.CR· cs.DS· stat.ML

Thwarting Adversarial Examples: An L₀-RobustSparse Fourier Transform

classification 💻 cs.LG cs.CRcs.DSstat.ML
keywords transformadversarialalgorithmattackbeencorrupteddiscretefourier
0
0 comments X
read the original abstract

We give a new algorithm for approximating the Discrete Fourier transform of an approximately sparse signal that has been corrupted by worst-case $L_0$ noise, namely a bounded number of coordinates of the signal have been corrupted arbitrarily. Our techniques generalize to a wide range of linear transformations that are used in data analysis such as the Discrete Cosine and Sine transforms, the Hadamard transform, and their high-dimensional analogs. We use our algorithm to successfully defend against well known $L_0$ adversaries in the setting of image classification. We give experimental results on the Jacobian-based Saliency Map Attack (JSMA) and the Carlini Wagner (CW) $L_0$ attack on the MNIST and Fashion-MNIST datasets as well as the Adversarial Patch on the ImageNet dataset.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.