Broadly speaking, we classify defensive approaches into three stages: prevention, detection and response. This aligns with the common language of cybersecurity defence.

![[AdvMLDefeniveCycle.excalidraw.light.svg]]

## Prevention

- [[Adversarial training]]
- [[Adversarial logit pairing]]
- [[PixelDefend]]
- [[Gradient regularisation]]
- [[Defensive distillation]]
- [[Non-differentiable input transformation]]
- [[Ensemble adversarial training]]
- [[Data argumentation]]

## Detection

- [[Randomised dropout]]
- [[Stochastic activation pruning]]
- [[Adversarial detection network]]
- [[Distributional detection]]
- [[Bayesian uncertainty estimates]]
- [[Dimension reduction]]

## Response

- [[Adversarial re-training]]
- [[Explainable adversarial examples]]
- [[Threat IoC]]
- [[Block and Quarantine]]