Thanks for the link, I hadn't read that paper yet.
One of the reasons not to just use the adversarial attack umbrella is that the defenses are likely to be dependent on specific scenarios. Normalization, sanitization, and putting up guardrails are all necessary but not sufficient depending on the attack.
It is also possible to layer attacks, so it would be good to be able to describe the different layers.
One of the reasons not to just use the adversarial attack umbrella is that the defenses are likely to be dependent on specific scenarios. Normalization, sanitization, and putting up guardrails are all necessary but not sufficient depending on the attack.
It is also possible to layer attacks, so it would be good to be able to describe the different layers.