Improving Network Robustness against Adversarial Attacks with Compact ConvolutionImproving Network Robustness against Adversarial Attacks with Compact ConvolutionRanjan, Rajeev and Sankaranarayanan, Swami and Castillo, Carlos D. and Chellappa, Rama2017
Paper summarydavidstutzRanjan et al. propose to constrain deep features to lie on hyperspheres in order to improve robustness against adversarial examples. For the last fully-connected layer, this is achieved by the L2-softmax, which forces the features to lie on the hypersphere. For intermediate convolutional or fully-connected layer, the same effect is achieved analogously, i.e., by normalizing inputs, scaling them and applying the convolution/weight multiplication. In experiments, the authors argue that this improves robustness against simple attacks such as FGSM and DeepFool.
Also find this summary at [davidstutz.de](https://davidstutz.de/category/reading/).
Improving Network Robustness against Adversarial Attacks with Compact Convolution
Ranjan, Rajeev
and
Sankaranarayanan, Swami
and
Castillo, Carlos D.
and
Chellappa, Rama
arXiv e-Print archive - 2017 via Local Bibsonomy
Keywords:
dblp
Ranjan et al. propose to constrain deep features to lie on hyperspheres in order to improve robustness against adversarial examples. For the last fully-connected layer, this is achieved by the L2-softmax, which forces the features to lie on the hypersphere. For intermediate convolutional or fully-connected layer, the same effect is achieved analogously, i.e., by normalizing inputs, scaling them and applying the convolution/weight multiplication. In experiments, the authors argue that this improves robustness against simple attacks such as FGSM and DeepFool.
Also find this summary at [davidstutz.de](https://davidstutz.de/category/reading/).