Thwarting Adversarial Attacks

There are many ways to create systems that are resistant to adversarial attacks. Most methods are simple and don’t require too much work. However, there are also more robust, advanced methods—they are more involved but are also more comprehensive and better at capturing a wider range of adversarial attacks.

These methods all include some level of “softening” the data or the model. Traditionally, data with the most direct relationship between the $X$ and $Y$ was the best way to achieve maximal performance. With adversarial methods, algorithms and processes that perform well but have a “fuzzier” relationship between $X$ and $Y$ are coveted. This is because if decision boundaries are very sharp (i.e., if ...