Thwarting Adversarial Attacks
Learn how to make models robust against adversarial attacks.
There are many ways to create systems that are resistant to adversarial attacks. Most methods are simple and don’t require too much work. However, there are also more robust, advanced methods—they are more involved but are also more comprehensive and better at capturing a wider range of adversarial attacks.
These methods all include some level of “softening” the data or the model. Traditionally, data with the most direct relationship between the
Traditional methods
Let’s explore some conventional but very effective methods of thwarting adversarial attacks. These are not cutting-edge methods, though adversarial training in particular has been found to be the single most effective way to create more robust algorithms.
Adversarial training
Adversarial training is the process of augmenting the training set of a model in ways that cover many adversarial attack strategies. In computer vision, for example, adversarial training involves taking the original data and performing several operations on it—rotations, mirroring, color shifts, background lighting, etc.—prior to training. The new dataset is not only larger but also trains the model to be better at a variety of scenarios. An adversarial attack is less effective because subtle changes to the data are most likely not enough to trick the model. Models trained on this data (which can even involve combinations of augmentations like “rotate + scale”) become very robust.
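As an added illustration (not code from the original lesson), the following numpy-only pipeline builds the enlarged training set the paragraph describes, including the combined "rotate + scale" case, while keeping every label attached to its augmented copies. The helper names and the two 8x8 sample patterns are constructed for this example.

```python
import numpy as np

def rotate(img, k):
    """Rotate by k quarter turns (np.rot90 turns counter-clockwise)."""
    return np.rot90(img, k)

def mirror(img):
    """Horizontal mirror image."""
    return np.fliplr(img)

def shift_brightness(img, delta):
    """Additive intensity shift, clipped back into the [0, 1] pixel range."""
    return np.clip(img + delta, 0.0, 1.0)

def scale(img, factor):
    """Nearest-neighbour zoom by an integer factor, then centre-crop to the original size."""
    zoomed = np.kron(img, np.ones((factor, factor)))
    h, w = img.shape
    top, left = (zoomed.shape[0] - h) // 2, (zoomed.shape[1] - w) // 2
    return zoomed[top:top + h, left:left + w]

# One entry per augmentation; the last one is a combination ("rotate + scale").
AUGMENTATIONS = {
    "rot90": lambda x: rotate(x, 1),
    "rot180": lambda x: rotate(x, 2),
    "mirror": mirror,
    "brighter": lambda x: shift_brightness(x, 0.2),
    "darker": lambda x: shift_brightness(x, -0.2),
    "rotate+scale": lambda x: scale(rotate(x, 1), 2),
}

def augment_dataset(images, labels, ops=AUGMENTATIONS):
    """Return the originals plus one transformed copy per augmentation, labels preserved."""
    out_x, out_y = list(images), list(labels)
    for img, lbl in zip(images, labels):
        for fn in ops.values():
            out_x.append(fn(img))
            out_y.append(lbl)
    return np.stack(out_x), np.array(out_y)

def make_sample_data():
    """Constructed sample: two 8x8 patterns whose class does not depend on orientation."""
    centre = np.zeros((8, 8)); centre[2:6, 2:6] = 1.0   # class 0: bright centre square
    ring = np.ones((8, 8)); ring[2:6, 2:6] = 0.0        # class 1: bright outer ring
    return np.stack([centre, ring]), np.array([0, 1])

if __name__ == "__main__":
    x, y = make_sample_data()
    xa, ya = augment_dataset(x, y)
    print(f"{len(x)} originals -> {len(xa)} training samples")
```

With six augmentations each image yields seven training samples; a real pipeline would also randomise the rotation angle and shift magnitude rather than using fixed values.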