Corpus ID: 211989493

Black-box Smoothing: A Provable Defense for Pretrained Classifiers

@article{Salman2020BlackboxSA,
  title={Black-box Smoothing: A Provable Defense for Pretrained Classifiers},
  author={Hadi Salman and M. Sun and Greg Yang and Ashish Kapoor and J. Z. Kolter},
  journal={ArXiv},
  year={2020},
  volume={abs/2003.01908}
}
We present a method for provably defending any pretrained image classifier against $\ell_p$ adversarial attacks. By prepending a custom-trained denoiser to any off-the-shelf image classifier and using randomized smoothing, we effectively create a new classifier that is guaranteed to be $\ell_p$-robust to adversarial examples, without modifying the pretrained classifier. The approach applies both to the case where we have full access to the pretrained classifier and to the case where we only…
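The recipe described in the abstract (denoise, then classify, under randomized smoothing) can be made concrete with a short sketch. This is a minimal illustration under stated assumptions, not the authors' released code: it assumes PyTorch, and `denoiser`, `classifier`, `sigma`, and `n_samples` are hypothetical placeholders for arbitrary pretrained modules and smoothing parameters.

import torch

def smoothed_predict(denoiser, classifier, x, sigma=0.25, n_samples=100):
    # Majority-vote prediction of the smoothed classifier
    # g(x) = argmax_c P[ classifier(denoiser(x + delta)) = c ],
    # with delta ~ N(0, sigma^2 I), as in randomized smoothing.
    counts = None
    with torch.no_grad():
        for _ in range(n_samples):
            noisy = x + sigma * torch.randn_like(x)  # Gaussian corruption
            logits = classifier(denoiser(noisy))     # denoise, then classify
            preds = logits.argmax(dim=-1)            # hard label per noise draw
            one_hot = torch.nn.functional.one_hot(preds, num_classes=logits.shape[-1])
            counts = one_hot if counts is None else counts + one_hot
    return counts.argmax(dim=-1)                     # most frequent class wins

Turning this vote into a certified $\ell_2$ radius additionally requires the Monte Carlo certification procedure with confidence bounds from "Certified Adversarial Robustness via Randomized Smoothing" (Cohen et al., cited in the references below).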
Citations

Certifying Joint Adversarial Robustness for Model Ensembles
Data Dependent Randomized Smoothing
Learning perturbation sets for robust machine learning
Convex Sets of Robust Recurrent Neural Networks
Adversarial Robustness of Supervised Sparse Coding

References

Showing 1-10 of 54 references
Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers
Simple Black-box Adversarial Attacks
Black-box Adversarial Attacks with Limited Queries and Information
Certified Adversarial Robustness via Randomized Smoothing
Provable defenses against adversarial examples via the convex outer adversarial polytope
CIIDefence: Defeating Adversarial Attacks by Fusing Class-Specific Image Inpainting and Image Denoising (Puneet Gupta, Esa Rahtu; 2019 IEEE/CVF International Conference on Computer Vision (ICCV), 2019)
Deflecting Adversarial Attacks with Pixel Deflection
MACER: Attack-free and Scalable Robust Training via Maximizing Certified Radius
A Framework for robustness Certification of Smoothed Classifiers using F-Divergences
Certified Robustness to Adversarial Examples with Differential Privacy