Improved and Interpretable Defense to Transferred Adversarial Examples by Jacobian Norm with Selective Input Gradient Regularization. (arXiv:2207.13036v2 [cs.LG] UPDATED)

Deep neural networks (DNNs) are known to be vulnerable to adversarial
examples that are crafted with imperceptible perturbations, i.e., a small
change in an input image can induce a mis-classification, and thus threatens
the reliability of deep learning based deployment systems. Adversarial training
(AT) is often adopted to improve the robustness of DNNs through training a
mixture of corrupted and clean data. However, most of AT based methods are
ineffective in dealing with \textit{transferred adversarial examples} which are
generated to …

adversarial defense input lg