1. 51
  1.  

  2. 6

    This is incredible! Is the code open source?

    1. 13

      Not yet, but it will be soon!

      1. 3

        It doesn’t look like it but there is a draft of the paper available: https://arxiv.org/pdf/1707.07397.pdf

        1. 2

          They have a «code» link that says «coming soon» — so, not yet, but hopefully it will be in the future.

        2. 3

          Is it possible to train the networks further on adversarial examples you yourself generate to defeat it? Or can you just keep applying the algorithm repeatedly.

          1. 9

            What you’re describing is called “adversarial training” – training a network on adversarial examples generated for that network, and repeatedly doing this process – and it’s a pretty good idea! It has shown to increase resistance to black box attacks (see https://arxiv.org/abs/1706.06083), but with current approaches, it doesn’t seem to help in the white-box case.