Abstract
This paper presents RADAR-Robust Adversarial Detection via Adversarial Retraining-an approach designed to enhance the robustness of adversarial detectors against adaptive attacks, while maintaining classifier performance. An adaptive attack is one where the attacker is aware of the defenses and adapts their strategy accordingly. Our proposed method leverages adversarial training to reinforce the ability to detect attacks, without compromising clean accuracy. During the training phase, we integrate into the dataset adversarial examples, which were optimized to fool both the classifier and the adversarial detector, enabling the adversarial detector to learn and adapt to potential attack scenarios. Experimental evaluations on the CIFAR-10 and SVHN datasets demonstrate that our proposed algorithm significantly improves a detector's ability to accurately identify adaptive adversarial attacks -- without sacrificing clean accuracy.
Abstract (translated)
本文介绍了一种名为“通过对抗性重训练增强雷达稳健攻击检测”的方法,旨在提高对抗性检测器对自适应攻击的鲁棒性,同时保持分类器性能。自适应攻击是指攻击者知道防御措施并相应地调整其策略的攻击。我们所提出的方法利用对抗性训练来增强检测攻击的能力,而不会牺牲准确性。在训练阶段,我们将对抗性样本集成到数据集中,这些样本经过优化以欺骗分类器和对抗性检测器,使对抗性检测器能够学习和适应潜在攻击场景。在CIFAR-10和SVHN数据集上的实验评估证明,与传统的检测方法相比,我们所提出的算法显著提高了检测器准确识别自适应攻击的能力——而不会牺牲准确性。
URL
https://arxiv.org/abs/2404.12120
