The paper addresses adversarial attacks on machine learning models, specifically transfer attacks, in which adversarial examples crafted against one model are used against another. The authors argue that the traditional white-box threat model, where the attacker has full access to the defended model, is unrealistic in practice, and they introduce a more practical threat model in which the attacker mounts transfer attacks using publicly available models as surrogates. They propose a new defense, PUBDEF, for this setting and evaluate it, finding that it outperforms state-of-the-art white-box adversarial training with minimal loss in clean (non-adversarial) accuracy. The authors expect this threat model to become more prevalent in security-sensitive applications in the future.
Publication date: 26 Oct 2023
Project Page: https://github.com/wagner-group/pubdef
Paper: https://arxiv.org/pdf/2310.17645