Sabre: Cutting through Adversarial Noise with Adaptive Spectral Filtering and Input Reconstruction

Alec F Diallo, Paul Patras

IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 5

In an era where machine learning (ML) models underpin countless critical applications, from sophisticated cyber security systems to advanced voice recognition, their inherent susceptibility to adversarial attacks poses a significant threat. This talk introduces "Sabre," a novel defense mechanism designed to bolster the robustness of ML classifiers against such attacks. Presented by Alec F Diallo from the University of Edinburgh, Sabre tackles evasion attacks, where malicious actors manipulate input data at test time to induce misclassifications, even with complete knowledge of the model's architecture and parameters—a white-box attack scenario.

AI review

Sabre presents a critical advancement in adversarial ML defense by effectively closing the benign-robust accuracy gap. Its two-stage approach, combining adaptive spectral filtering with neural network-based input reconstruction, extracts consistent features, making ML models robust against white-box evasion attacks across diverse data types while maintaining computational efficiency. This is a genuinely impactful and well-engineered defense.
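To make the "spectral filtering then reconstruction" idea concrete, here is an added toy example written for this page; it is not Sabre's code and not the authors' implementation. It assumes a 1-D signal stands in for an input sample, that the adversarial perturbation sits mostly in the high-frequency bins, and that "adaptive" means the cut-off is chosen per input from the cumulative energy of that input's own spectrum (the `ENERGY_KEEP` fraction is an assumed knob, not a value from the paper). The perturbed sample is constructed inline so the block runs offline.

```python
"""Toy adaptive spectral filter (illustrative; not Sabre's algorithm).

Assumptions made for this example, none taken from the talk page:
  - a length-N real signal models one input sample;
  - the perturbation is high-frequency (an alternating-sign bounded noise);
  - the cut-off radius r is chosen per input as the smallest r such that
    the bins with |k| <= r hold ENERGY_KEEP of the spectral energy.
"""
import cmath
import math
import random

ENERGY_KEEP = 0.9  # assumed default: fraction of spectral energy to retain


def dft(x):
    """Naive O(N^2) discrete Fourier transform (fine for N = 64)."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def idft(spectrum):
    """Inverse DFT; the input is real so we return the real part."""
    n = len(spectrum)
    return [(sum(spectrum[k] * cmath.exp(2j * math.pi * k * t / n)
                 for k in range(n)) / n).real for t in range(n)]


def adaptive_cutoff(spectrum, keep=ENERGY_KEEP):
    """Smallest radius r whose low-frequency bins (k and its mirror n-k,
    |k| <= r) accumulate at least `keep` of the total spectral energy."""
    n = len(spectrum)
    energy = [abs(c) ** 2 for c in spectrum]
    total = sum(energy)
    acc = 0.0
    for r in range(n // 2 + 1):
        # bin r and its mirror; k=0 and k=n/2 (even n) have no distinct mirror
        for k in {r, (n - r) % n}:
            acc += energy[k]
        if acc >= keep * total:
            return r
    return n // 2


def spectral_filter(x, keep=ENERGY_KEEP):
    """Zero every bin outside the adaptive radius, then reconstruct.
    Returns (reconstructed_signal, cutoff_radius)."""
    spectrum = dft(x)
    n = len(spectrum)
    r = adaptive_cutoff(spectrum, keep)
    kept = [c if min(k, n - k) <= r else 0 for k, c in enumerate(spectrum)]
    return idft(kept), r


def rmse(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)) / len(a))


def make_example(n=64, eps=0.3, seed=1):
    """Constructed clean signal (two low harmonics) plus a constructed
    bounded, alternating-sign perturbation standing in for adversarial noise."""
    rng = random.Random(seed)
    clean = [math.sin(2 * math.pi * t / n) + 0.5 * math.cos(2 * math.pi * 3 * t / n)
             for t in range(n)]
    noise = [eps * (1 if t % 2 == 0 else -1) * rng.uniform(0.5, 1.0) for t in range(n)]
    adv = [c + d for c, d in zip(clean, noise)]
    return clean, adv


def demo(keep=ENERGY_KEEP):
    """Distance to the clean input before and after filtering."""
    clean, adv = make_example()
    recon, r = spectral_filter(adv, keep)
    return {"before": rmse(adv, clean), "after": rmse(recon, clean), "cutoff": r}


if __name__ == "__main__":
    print(demo())        # cutoff 3: perturbation largely removed
    print(demo(0.999))   # cutoff at Nyquist: nothing removed (see note)
```

The second call shows the caveat a practitioner should keep in mind: the retained-energy threshold is what makes the filter adaptive, and if it is set too close to 1 the cut-off climbs to the Nyquist bin and the perturbation passes straight through. Sabre's actual cut-off selection and its neural reconstruction stage are not reproduced here; this block only demonstrates the spectral-filtering principle the review describes.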
