Jacob Buckman and Aurko Roy and Colin Raffel and Ian Goodfellow. Thermometer Encoding: One Hot Way To Resist Adversarial Examples. https://openreview.net/forum?id=S18Su--CW, 2018.
Buckman et al. introduce thermometer encodings, a discretization scheme for improving the robustness of neural networks against adversarial examples. The computation of a thermometer discretization is illustrated in Table 1, where it is compared to the well-known one-hot encoding (which, however, does not preserve distances well). The basic idea of Buckman et al. is to apply the thermometer encoding (i.e., the discretization) before feeding the input to the network. Additionally, they introduce two novel, discrete attacks for challenging their defense mechanism – I refer to the paper for details. They show experimentally, that this discretization (also together with adversarial examples) improves robustness.
What is your opinion on this article? Let me know your thoughts on Twitter @davidstutz92 or LinkedIn in/davidstutz92.
Buckman et al. introduce thermometer encodings, a discretization scheme for improving the robustness of neural networks against adversarial examples. The computation of a thermometer discretization is illustrated in Table 1, where it is compared to the well-known one-hot encoding (which, however, does not preserve distances well). The basic idea of Buckman et al. is to apply the thermometer encoding (i.e., the discretization) before feeding the input to the network. Additionally, they introduce two novel, discrete attacks for challenging their defense mechanism – I refer to the paper for details. They show experimentally, that this discretization (also together with adversarial examples) improves robustness.