I previously pontificated about the difficulties of making a neural network robust in the adversarial model and a general approach to overcoming them. In this post I’ll flesh out the specifics of the construction a bit more.

What we want is a neural network whose overall structure naturally gives it adversary resistance, so that we can simply train it as well as we can and it gets that property automatically, rather than having to do something special in training, which doesn’t seem to work.

There are two tricks here: First, the number of outputs is about the…

Bram Cohen

Creator of BitTorrent. Mad scientist. Puzzle author.

