Ryota Iijima, Sayaka Shiota, Hitoshi Kiya
Published 2024-01-05Version 1
Deep neural networks (DNNs) are well known to be vulnerable to adversarial examples (AEs). In addition, AEs have adversarial transferability, which means AEs generated for a source model can fool another black-box model (target model) with a non-trivial probability. In previous studies, it was confirmed that the vision transformer (ViT) is more robust against the property of adversarial transferability than convolutional neural network (CNN) models such as ConvMixer, and moreover encrypted ViT is more robust than ViT without any encryption. In this article, we propose a random ensemble of encrypted ViT models to achieve much more robust models. In experiments, the proposed scheme is verified to be more robust against not only black-box attacks but also white-box ones than convention methods.
Enhanced Security against Adversarial Examples Using a Random Ensemble of Encrypted Vision Transformer Models
Vulnerability of the Neural Networks Against Adversarial Examples: A Survey
Capture the Bot: Using Adversarial Examples to Improve CAPTCHA Robustness to Bot Attacks
![QR code for arXiv:2401.02633 [cs.CR]](http://oss.arxitics.com/images/favicon.svg)