Adversarial training for robustness

Why does this matter?

Machine learning models are increasingly widespread. When they are deployed in critical applications, the robustness of the system becomes a concern, and some people may actively try to break the algorithm. Consider spam filters, where spammers attempt to fool the filter so that their message gets delivered. In machine learning, we call these threats adversarial.

This Roadmap

We will focus here on adversarial examples, where the attacker tries to break the model by perturbing the input data. However, it is worth noting that different types of adversarial threats exist, including perturbing the training data (data poisoning) or trying to determine whether a sample was part of the training data (membership inference).
This guide will help you increase the robustness of your system to adversarial attacks. First, we will define adversarial examples. Second, we will address how to generate them. Finally, we will see how to use adversarial examples to train your model and increase its robustness.