Abstract: We introduce Adversarial Sparse Teacher (AST), a robust defense method against distillation-based model stealing attacks. Our approach trains a teacher model using adversarial examples to ...
Abstract: Due to the exponential disparity in the magnitude of high- and low-frequency components in the image frequency domain, existing frequency-domain enhancement methods for adversarial examples ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback