Improved Image Wasserstein Attacks and Defenses

April 26, 2020 · Entered Twilight · 🏛 arXiv.org

🌅 TWILIGHT: Old Age
Predates the code-sharing era — a pioneer of its time

"Last commit was 5.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, README.md, adv_training_cifar.py, adv_training_mnist.py, assets, attack_cifar_baseline.py, attack_mnist_baseline.py, checkpoints, epsilons, models, pgd.py, plot, projected_sinkhorn, utils.py

Authors: Edward J. Hu, Adith Swaminathan, Hadi Salman, Greg Yang
arXiv ID: 2004.12478
Category: cs.LG: Machine Learning
Cross-listed: cs.CR, stat.ML
Citations: 11
Venue: arXiv.org
Repository: https://github.com/edwardjhu/improved_wasserstein ⭐ 14
Last Checked: 1 month ago

Abstract
Robustness against image perturbations bounded by an $\ell_p$ ball has been well studied in recent literature. Perturbations in the real world, however, rarely exhibit the pixel independence that $\ell_p$ threat models assume. A recently proposed Wasserstein distance-bounded threat model is a promising alternative that limits the perturbation to pixel mass movements. We point out and rectify flaws in the previous definition of the Wasserstein threat model and explore stronger attacks and defenses under our better-defined framework. Lastly, we discuss the inability of current Wasserstein-robust models in defending against perturbations seen in the real world. Our code and trained models are available at https://github.com/edwardjhu/improved_wasserstein.