Paper Title

A Partial Break of the Honeypots Defense to Catch Adversarial Attacks

Paper Author

Carlini, Nicholas

Abstract

A recent defense proposes to inject "honeypots" into neural networks in order to detect adversarial attacks. We break the baseline version of this defense by reducing the detection true positive rate to 0% and the detection AUC to 0.02, maintaining the original distortion bounds. The authors of the original paper have amended the defense in their CCS'20 paper to mitigate this attack. To aid further research, we release the complete 2.5 hour keystroke-by-keystroke screen recording of our attack process at https://nicholas.carlini.com/code/ccs_honeypot_break.
