ART Defences
Beat Buesser edited this page Mar 28, 2023 · 7 revisions
- InverseGAN (An Lin et al. 2019)
- DefenseGAN (Samangouei et al. 2018)
- Video Compression (Carlini et al., 2019)
- Resampling (Yang et al., 2019)
- Thermometer Encoding (Buckman et al., 2018)
- MP3 Compression (Carlini, N. & Wagner, D., 2018)
- Total Variance Minimization (Guo et al., 2018)
- PixelDefend (Song et al., 2017)
- Gaussian Data Augmentation (Zantedeschi et al., 2017)
- Feature Squeezing (Xu et al., 2017)
- Spatial Smoothing (Xu et al., 2017)
- Spatial Smoothing PyTorch
- Spatial Smoothing TensorFlow v2
- JPEG Compression (Dziugaite et al., 2016)
- Label Smoothing (Warde-Farley and Goodfellow, 2016)
- Virtual adversarial training (Miyato et al., 2015)
- Cutout (DeVries et al., 2017)
- Cutout PyTorch
- Cutout TensorFlow v2
- Mixup (Zhang et al., 2017)
- Mixup PyTorch
- Mixup TensorFlow v2
- CutMix (Yun et al., 2019)
- CutMix PyTorch
- CutMix TensorFlow v2
- Reverse Sigmoid (Lee et al., 2018)
- Random Noise (Chandrasekaran et al., 2018)
- Class Labels (Tramer et al., 2016, Chandrasekaran et al., 2018)
- High Confidence (Tramer et al., 2016)
- Rounding (Tramer et al., 2016)
- General Adversarial Training (Szegedy et al., 2013)
- Madry's Protocol (Madry et al., 2017)
- Fast Is Better Than Free (Wong et al., 2020)
- Certified Adversarial Training (Mirman et al., 2018)
- Interval Bound Propagation (Gowal et al., 2018)
- DP-InstaHide (Borgnia et al., 2021)
- Defensive Distillation (Papernot et al., 2015)
- Neural Cleanse (Wang et al., 2019)
- STRong Intentional Perturbation (STRIP) (Gao et al., 2019)
- Basic detector based on inputs
- Detector trained on the activations of a specific layer
- Detector based on Fast Generalized Subset Scan (Speakman et al., 2018)
- Detection based on activations analysis (Chen et al., 2018)
- Detection based on data provenance (Baracaldo et al., 2018)
- Detection based on spectral signatures (Tran et al., 2018)
- Reject on Negative Impact (RONI) (Nelson et al., 2019)