Extending Defensive Distillation
This work addresses security vulnerabilities in machine learning systems, but it is incremental as it builds upon existing defensive distillation methods.
The paper tackles the problem of adversarial examples in machine learning by revisiting defensive distillation and addressing its limitations, resulting in an effective defense against recently discovered attacks.
Machine learning is vulnerable to adversarial examples: inputs carefully modified to force misclassification. Designing defenses against such inputs remains largely an open problem. In this work, we revisit defensive distillation, one of the mechanisms proposed to mitigate adversarial examples, to address its limitations. We view our results not only as an effective way of addressing some of the recently discovered attacks but also as reinforcing the importance of improved training techniques.