PUBDEF, a practical defense strategy against transfer attacks from public models, outperforms white-box adversarial training with minimal loss in clean accuracy.
Adversarial attacks are a significant threat, and defending against transfer attacks from public models is crucial for security-sensitive applications.