-
Membership-Invariant Subspace Training
Membership-Invariant Subspace Training (MIST) is a method for training classifiers that acts as a defense designed to specifically defend against black-box membership inference... -
PatchAttack: A Black-box Texture-based Attack with Reinforcement Learning
Patch-based attacks introduce a perceptible but localized change to the input that induces misclassification. A limitation of cur- rent patch-based black-box attacks is that they...
