ML Anthology

Overcoming Open-Set Approaches to Adversarial Defense

Edgar Wilfred Jatho, Armon Barton, Matthew Wright, Patrick McClure
TMLR 2026
/tmlr/2026/jatho2026tmlr-overcoming/

Abstract

Machine learning (ML) models are increasingly proposed to replace or augment safety-critical information processing systems, yet their fragility to evasion attacks remains a well-documented, open problem. This work analyzes a class of deep neural network defenses that add a none-of-the-above (NOTA) class as an open-set-inspired, closed-set adversarial defense. We analyze seven prominent adversarial evasion attacks developed for computer vision classification and one attack developed for natural language processing classification, identifying how these attacks fail in the presence of a NOTA defense. We use this knowledge to adapt these attacks and provide empirical evidence that adding a NOTA class alone does not solve the core challenge of defending DNNs against evasion attacks. We release our adapted attack suite to enable more rigorous future evaluations of open-set-inspired defenses.

PDF TMLR Semantic Scholar

Cite

Text

Jatho et al. "Overcoming Open-Set Approaches to Adversarial Defense." Transactions on Machine Learning Research, 2026.

Markdown

[Jatho et al. "Overcoming Open-Set Approaches to Adversarial Defense." Transactions on Machine Learning Research, 2026.](https://mlanthology.org/tmlr/2026/jatho2026tmlr-overcoming/)

BibTeX

@article{jatho2026tmlr-overcoming,
  title     = {{Overcoming Open-Set Approaches to Adversarial Defense}},
  author    = {Jatho, Edgar Wilfred and Barton, Armon and Wright, Matthew and McClure, Patrick},
  journal   = {Transactions on Machine Learning Research},
  year      = {2026},
  url       = {https://mlanthology.org/tmlr/2026/jatho2026tmlr-overcoming/}
}