Adversarial attacks rely on a specific model’s gradient (since you’re essentiall... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		KMnO4 on April 27, 2021 \| parent \| context \| favorite \| on: Tool can make photos undetectable to facial recogn... Adversarial attacks rely on a specific model’s gradient (since you’re essentially trying to find the most sensitive pixels). Adversarial noise that affects model A won’t necessarily work on model B. That said, most people transfer train from well trained nets (ImageNet, Inception, etc). Finally, not all SOTA methods are susceptible to adversarial attacks, eg capsule networks.

throw99901 on April 27, 2021 [–]

>Finally, not all SOTA methods are susceptible to adversarial attacks, eg capsule networks.

They appear to be susceptible: https://arxiv.org/pdf/1906.03612.pdf

KMnO4 on April 28, 2021 | [–]

That’s neat; hadn’t seen that paper. Thanks for sharing.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact