{"data":{"id":"10.48550/arxiv.1803.10840","type":"dois","attributes":{"doi":"10.48550/arxiv.1803.10840","prefix":"10.48550","suffix":"arxiv.1803.10840","identifiers":[{"identifier":"1803.10840","identifierType":"arXiv"}],"alternateIdentifiers":[{"alternateIdentifierType":"arXiv","alternateIdentifier":"1803.10840"}],"creators":[{"name":"Shaham, Uri","nameType":"Personal","givenName":"Uri","familyName":"Shaham","affiliation":[],"nameIdentifiers":[]},{"name":"Garritano, James","nameType":"Personal","givenName":"James","familyName":"Garritano","affiliation":[],"nameIdentifiers":[]},{"name":"Yamada, Yutaro","nameType":"Personal","givenName":"Yutaro","familyName":"Yamada","affiliation":[],"nameIdentifiers":[]},{"name":"Weinberger, Ethan","nameType":"Personal","givenName":"Ethan","familyName":"Weinberger","affiliation":[],"nameIdentifiers":[]},{"name":"Cloninger, Alex","nameType":"Personal","givenName":"Alex","familyName":"Cloninger","affiliation":[],"nameIdentifiers":[]},{"name":"Cheng, Xiuyuan","nameType":"Personal","givenName":"Xiuyuan","familyName":"Cheng","affiliation":[],"nameIdentifiers":[]},{"name":"Stanton, Kelly","nameType":"Personal","givenName":"Kelly","familyName":"Stanton","affiliation":[],"nameIdentifiers":[]},{"name":"Kluger, Yuval","nameType":"Personal","givenName":"Yuval","familyName":"Kluger","affiliation":[],"nameIdentifiers":[]}],"titles":[{"title":"Defending against Adversarial Images using Basis Functions Transformations"}],"publisher":"arXiv","container":{},"publicationYear":2018,"subjects":[{"lang":"en","subject":"Machine Learning (stat.ML)","subjectScheme":"arXiv"},{"lang":"en","subject":"Machine Learning (cs.LG)","subjectScheme":"arXiv"},{"subject":"FOS: Computer and information sciences","subjectScheme":"Fields of Science and Technology (FOS)"},{"subject":"FOS: Computer and information sciences","schemeUri":"http://www.oecd.org/science/inno/38235147.pdf","subjectScheme":"Fields of Science and Technology (FOS)"}],"contributors":[],"dates":[{"date":"2018-03-28T20:27:58Z","dateType":"Submitted","dateInformation":"v1"},{"date":"2018-03-30T00:01:54Z","dateType":"Updated","dateInformation":"v1"},{"date":"2018-03-30T22:14:16Z","dateType":"Submitted","dateInformation":"v2"},{"date":"2018-04-03T00:03:04Z","dateType":"Updated","dateInformation":"v2"},{"date":"2018-04-16T18:44:46Z","dateType":"Submitted","dateInformation":"v3"},{"date":"2018-04-18T00:01:27Z","dateType":"Updated","dateInformation":"v3"},{"date":"2018-03","dateType":"Available","dateInformation":"v1"},{"date":"2018","dateType":"Issued"}],"language":null,"types":{"ris":"GEN","bibtex":"misc","citeproc":"article","schemaOrg":"CreativeWork","resourceType":"Article","resourceTypeGeneral":"Preprint"},"relatedIdentifiers":[],"relatedItems":[],"sizes":[],"formats":[],"version":"3","rightsList":[{"rights":"arXiv.org perpetual, non-exclusive license","rightsUri":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/"}],"descriptions":[{"description":"We study the effectiveness of various approaches that defend against adversarial attacks on deep networks via manipulations based on basis function representations of images. Specifically, we experiment with low-pass filtering, PCA, JPEG compression, low resolution wavelet approximation, and soft-thresholding. We evaluate these defense techniques using three types of popular attacks in black, gray and white-box settings. Our results show JPEG compression tends to outperform the other tested defenses in most of the settings considered, in addition to soft-thresholding, which performs well in specific cases, and yields a more mild decrease in accuracy on benign examples. In addition, we also mathematically derive a novel white-box attack in which the adversarial perturbation is composed only of terms corresponding a to pre-determined subset of the basis functions, of which a \"low frequency attack\" is a special case.","descriptionType":"Abstract"},{"description":"added link to GitHub repository","descriptionType":"Other"}],"geoLocations":[],"fundingReferences":[],"xml":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPHJlc291cmNlIHhtbG5zPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnNjaGVtYUxvY2F0aW9uPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCBodHRwOi8vc2NoZW1hLmRhdGFjaXRlLm9yZy9tZXRhL2tlcm5lbC00LjMvbWV0YWRhdGEueHNkIj4KICA8aWRlbnRpZmllciBpZGVudGlmaWVyVHlwZT0iRE9JIj4xMC40ODU1MC9BUlhJVi4xODAzLjEwODQwPC9pZGVudGlmaWVyPgogIDxhbHRlcm5hdGVJZGVudGlmaWVycz4KICAgIDxhbHRlcm5hdGVJZGVudGlmaWVyIGFsdGVybmF0ZUlkZW50aWZpZXJUeXBlPSJhclhpdiI+MTgwMy4xMDg0MDwvYWx0ZXJuYXRlSWRlbnRpZmllcj4KICA8L2FsdGVybmF0ZUlkZW50aWZpZXJzPgogIDxjcmVhdG9ycz4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5TaGFoYW0sIFVyaTwvY3JlYXRvck5hbWU+CiAgICAgIDxnaXZlbk5hbWU+VXJpPC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPlNoYWhhbTwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5HYXJyaXRhbm8sIEphbWVzPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5KYW1lczwvZ2l2ZW5OYW1lPgogICAgICA8ZmFtaWx5TmFtZT5HYXJyaXRhbm88L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgICA8Y3JlYXRvcj4KICAgICAgPGNyZWF0b3JOYW1lIG5hbWVUeXBlPSJQZXJzb25hbCI+WWFtYWRhLCBZdXRhcm88L2NyZWF0b3JOYW1lPgogICAgICA8Z2l2ZW5OYW1lPll1dGFybzwvZ2l2ZW5OYW1lPgogICAgICA8ZmFtaWx5TmFtZT5ZYW1hZGE8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgICA8Y3JlYXRvcj4KICAgICAgPGNyZWF0b3JOYW1lIG5hbWVUeXBlPSJQZXJzb25hbCI+V2VpbmJlcmdlciwgRXRoYW48L2NyZWF0b3JOYW1lPgogICAgICA8Z2l2ZW5OYW1lPkV0aGFuPC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPldlaW5iZXJnZXI8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgICA8Y3JlYXRvcj4KICAgICAgPGNyZWF0b3JOYW1lIG5hbWVUeXBlPSJQZXJzb25hbCI+Q2xvbmluZ2VyLCBBbGV4PC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5BbGV4PC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPkNsb25pbmdlcjwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5DaGVuZywgWGl1eXVhbjwvY3JlYXRvck5hbWU+CiAgICAgIDxnaXZlbk5hbWU+WGl1eXVhbjwvZ2l2ZW5OYW1lPgogICAgICA8ZmFtaWx5TmFtZT5DaGVuZzwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5TdGFudG9uLCBLZWxseTwvY3JlYXRvck5hbWU+CiAgICAgIDxnaXZlbk5hbWU+S2VsbHk8L2dpdmVuTmFtZT4KICAgICAgPGZhbWlseU5hbWU+U3RhbnRvbjwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5LbHVnZXIsIFl1dmFsPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5ZdXZhbDwvZ2l2ZW5OYW1lPgogICAgICA8ZmFtaWx5TmFtZT5LbHVnZXI8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgPC9jcmVhdG9ycz4KICA8dGl0bGVzPgogICAgPHRpdGxlPkRlZmVuZGluZyBhZ2FpbnN0IEFkdmVyc2FyaWFsIEltYWdlcyB1c2luZyBCYXNpcyBGdW5jdGlvbnMgVHJhbnNmb3JtYXRpb25zPC90aXRsZT4KICA8L3RpdGxlcz4KICA8cHVibGlzaGVyPmFyWGl2PC9wdWJsaXNoZXI+CiAgPHB1YmxpY2F0aW9uWWVhcj4yMDE4PC9wdWJsaWNhdGlvblllYXI+CiAgPHN1YmplY3RzPgogICAgPHN1YmplY3QgeG1sOmxhbmc9ImVuIiBzdWJqZWN0U2NoZW1lPSJhclhpdiI+TWFjaGluZSBMZWFybmluZyAoc3RhdC5NTCk8L3N1YmplY3Q+CiAgICA8c3ViamVjdCB4bWw6bGFuZz0iZW4iIHN1YmplY3RTY2hlbWU9ImFyWGl2Ij5NYWNoaW5lIExlYXJuaW5nIChjcy5MRyk8L3N1YmplY3Q+CiAgICA8c3ViamVjdCBzdWJqZWN0U2NoZW1lPSJGaWVsZHMgb2YgU2NpZW5jZSBhbmQgVGVjaG5vbG9neSAoRk9TKSI+Rk9TOiBDb21wdXRlciBhbmQgaW5mb3JtYXRpb24gc2NpZW5jZXM8L3N1YmplY3Q+CiAgPC9zdWJqZWN0cz4KICA8ZGF0ZXM+CiAgICA8ZGF0ZSBkYXRlVHlwZT0iU3VibWl0dGVkIiBkYXRlSW5mb3JtYXRpb249InYxIj4yMDE4LTAzLTI4VDIwOjI3OjU4WjwvZGF0ZT4KICAgIDxkYXRlIGRhdGVUeXBlPSJVcGRhdGVkIiBkYXRlSW5mb3JtYXRpb249InYxIj4yMDE4LTAzLTMwVDAwOjAxOjU0WjwvZGF0ZT4KICAgIDxkYXRlIGRhdGVUeXBlPSJTdWJtaXR0ZWQiIGRhdGVJbmZvcm1hdGlvbj0idjIiPjIwMTgtMDMtMzBUMjI6MTQ6MTZaPC9kYXRlPgogICAgPGRhdGUgZGF0ZVR5cGU9IlVwZGF0ZWQiIGRhdGVJbmZvcm1hdGlvbj0idjIiPjIwMTgtMDQtMDNUMDA6MDM6MDRaPC9kYXRlPgogICAgPGRhdGUgZGF0ZVR5cGU9IlN1Ym1pdHRlZCIgZGF0ZUluZm9ybWF0aW9uPSJ2MyI+MjAxOC0wNC0xNlQxODo0NDo0Nlo8L2RhdGU+CiAgICA8ZGF0ZSBkYXRlVHlwZT0iVXBkYXRlZCIgZGF0ZUluZm9ybWF0aW9uPSJ2MyI+MjAxOC0wNC0xOFQwMDowMToyN1o8L2RhdGU+CiAgICA8ZGF0ZSBkYXRlVHlwZT0iQXZhaWxhYmxlIiBkYXRlSW5mb3JtYXRpb249InYxIj4yMDE4LTAzPC9kYXRlPgogIDwvZGF0ZXM+CiAgPHJlc291cmNlVHlwZSByZXNvdXJjZVR5cGVHZW5lcmFsPSJQcmVwcmludCI+QXJ0aWNsZTwvcmVzb3VyY2VUeXBlPgogIDx2ZXJzaW9uPjM8L3ZlcnNpb24+CiAgPHJpZ2h0c0xpc3Q+CiAgICA8cmlnaHRzIHJpZ2h0c1VSST0iaHR0cDovL2FyeGl2Lm9yZy9saWNlbnNlcy9ub25leGNsdXNpdmUtZGlzdHJpYi8xLjAvIj5hclhpdi5vcmcgcGVycGV0dWFsLCBub24tZXhjbHVzaXZlIGxpY2Vuc2U8L3JpZ2h0cz4KICA8L3JpZ2h0c0xpc3Q+CiAgPGRlc2NyaXB0aW9ucz4KICAgIDxkZXNjcmlwdGlvbiBkZXNjcmlwdGlvblR5cGU9IkFic3RyYWN0Ij5XZSBzdHVkeSB0aGUgZWZmZWN0aXZlbmVzcyBvZiB2YXJpb3VzIGFwcHJvYWNoZXMgdGhhdCBkZWZlbmQgYWdhaW5zdCBhZHZlcnNhcmlhbCBhdHRhY2tzIG9uIGRlZXAgbmV0d29ya3MgdmlhIG1hbmlwdWxhdGlvbnMgYmFzZWQgb24gYmFzaXMgZnVuY3Rpb24gcmVwcmVzZW50YXRpb25zIG9mIGltYWdlcy4gU3BlY2lmaWNhbGx5LCB3ZSBleHBlcmltZW50IHdpdGggbG93LXBhc3MgZmlsdGVyaW5nLCBQQ0EsIEpQRUcgY29tcHJlc3Npb24sIGxvdyByZXNvbHV0aW9uIHdhdmVsZXQgYXBwcm94aW1hdGlvbiwgYW5kIHNvZnQtdGhyZXNob2xkaW5nLiBXZSBldmFsdWF0ZSB0aGVzZSBkZWZlbnNlIHRlY2huaXF1ZXMgdXNpbmcgdGhyZWUgdHlwZXMgb2YgcG9wdWxhciBhdHRhY2tzIGluIGJsYWNrLCBncmF5IGFuZCB3aGl0ZS1ib3ggc2V0dGluZ3MuIE91ciByZXN1bHRzIHNob3cgSlBFRyBjb21wcmVzc2lvbiB0ZW5kcyB0byBvdXRwZXJmb3JtIHRoZSBvdGhlciB0ZXN0ZWQgZGVmZW5zZXMgaW4gbW9zdCBvZiB0aGUgc2V0dGluZ3MgY29uc2lkZXJlZCwgaW4gYWRkaXRpb24gdG8gc29mdC10aHJlc2hvbGRpbmcsIHdoaWNoIHBlcmZvcm1zIHdlbGwgaW4gc3BlY2lmaWMgY2FzZXMsIGFuZCB5aWVsZHMgYSBtb3JlIG1pbGQgZGVjcmVhc2UgaW4gYWNjdXJhY3kgb24gYmVuaWduIGV4YW1wbGVzLiBJbiBhZGRpdGlvbiwgd2UgYWxzbyBtYXRoZW1hdGljYWxseSBkZXJpdmUgYSBub3ZlbCB3aGl0ZS1ib3ggYXR0YWNrIGluIHdoaWNoIHRoZSBhZHZlcnNhcmlhbCBwZXJ0dXJiYXRpb24gaXMgY29tcG9zZWQgb25seSBvZiB0ZXJtcyBjb3JyZXNwb25kaW5nIGEgdG8gcHJlLWRldGVybWluZWQgc3Vic2V0IG9mIHRoZSBiYXNpcyBmdW5jdGlvbnMsIG9mIHdoaWNoIGEgImxvdyBmcmVxdWVuY3kgYXR0YWNrIiBpcyBhIHNwZWNpYWwgY2FzZS48L2Rlc2NyaXB0aW9uPgogICAgPGRlc2NyaXB0aW9uIGRlc2NyaXB0aW9uVHlwZT0iT3RoZXIiPmFkZGVkIGxpbmsgdG8gR2l0SHViIHJlcG9zaXRvcnk8L2Rlc2NyaXB0aW9uPgogIDwvZGVzY3JpcHRpb25zPgo8L3Jlc291cmNlPg==","url":"https://arxiv.org/abs/1803.10840","contentUrl":null,"metadataVersion":0,"schemaVersion":"http://datacite.org/schema/kernel-4","source":"mds","isActive":true,"state":"findable","reason":null,"viewCount":0,"viewsOverTime":[],"downloadCount":0,"downloadsOverTime":[],"referenceCount":0,"citationCount":0,"citationsOverTime":[],"partCount":0,"partOfCount":0,"versionCount":0,"versionOfCount":0,"created":"2022-03-02T23:49:38.000Z","registered":"2022-03-02T23:49:39.000Z","published":"2018","updated":"2022-03-02T23:49:39.000Z"},"relationships":{"client":{"data":{"id":"arxiv.content","type":"clients"}},"provider":{"data":{"id":"arxiv","type":"providers"}},"media":{"data":{"id":"10.48550/arxiv.1803.10840","type":"media"}},"references":{"data":[]},"citations":{"data":[]},"parts":{"data":[]},"partOf":{"data":[]},"versions":{"data":[]},"versionOf":{"data":[]}}}}