Some deep neural networks are invariant to some input transformations, such as Pointnet is permutation invariant to the input point cloud. In this paper, we demonstrated this property could be powerful in defense of gradient-based attacks. Specifically, we apply random input transformation which is invariant to the networks we want to defend. Extensive experiments demonstrate that the proposed scheme defeats various gradient-based attackers in the targeted attack setting, and breaking the attack accuracy into nearly zero. Our code is available at: {\footnotesize{\url{https://github.com/cuge1995/IT-Defense}}}.

翻译：一些深神经网络对于某些输入变异是变化不一的,例如Pointnet是输入点云的变异。 在本文中,我们展示了这种属性在捍卫基于梯度的攻击方面可能具有强大的力量。 具体地说,我们应用随机输入变异,这是我们想要捍卫的网络。 广泛的实验表明,拟议的计划击败了定向攻击中各种基于梯度的攻击者,并将攻击的准确性打破到近乎零。 我们的代码可以在以下网址查阅: \teootofision huurl{https://github.com/cuge1995/IT-Decriction}。