Y
Hacker News
new
|
ask
|
show
|
jobs
by
hahajk
2786 days ago
Or just adding a small amount of random noise to the input, which would wipe out the carefully constructed attack.
1 comments
ipsa
2786 days ago
You can try out this technique at
https://github.com/google/unrestricted-adversarial-examples
My guess is it would have the same result as adding noise to the normal images too (resulting in a slightly worse performance overall).
link