Conceptos Básicos
AToP combines adversarial training and purification to enhance robustness and generalization.
Resumen
Adversarial attacks pose a threat to deep neural networks.
Adversarial Training (AT) and Adversarial Purification (AP) have limitations.
AToP combines AT and AP to achieve optimal robustness and generalization.
AToP consists of perturbation destruction and purifier model fine-tuning.
Extensive experiments on CIFAR-10, CIFAR-100, and ImageNette show state-of-the-art results.
Estadísticas
딥 뉴럴 네트워크는 적대적 공격에 취약하다.
Adversarial Training (AT)과 Adversarial Purification (AP)에는 한계가 있다.
AToP은 AT와 AP를 결합하여 최적의 견고성과 일반화를 달성한다.
Citas
"To mitigate these issues, we propose a novel pipeline called Adversarial Training on Purification (AToP)."
"Our method significantly improves the performance of the purifier model in robust classification."