Towards Evaluating the Robustness of Neural Networks

Neural networks provide state-of-the-art results for most machine learning tasks. Unfortunately, neural networks are vulnerable to adversarial examples: given an input x and any target classification t, it is possible to find a new input x' that is similar to x but classified as t. This makes it difficult to apply neural networks in security-critical areas. Defensive distillation is a recently proposed approach that can take an arbitrary neural network, and increase its robustness, reducing the success rate of current attacks' ability to find adversarial examples from 95% to 0.5%. In this paper, we demonstrate that defensive distillation does not significantly increase the robustness of neural networks by…

• CS
  Cisco Systems
• IS
  International Science and Technology Center
• MU
  Multidisciplinary University Research Initiative

  Award: FA9550-12-1-0040
• AF
  Air Force Office of Scientific Research

  Awards: FA9550-, FA9550, FA9550-12, FA9550-12-1-004, FA9550-12-1, FA9550-12-1-0040