Which technique is associated with increasing resilience against adversarial inputs?

Prepare for the ISACA Advanced in AI Security Management (AAISM) Test. Study with in-depth multiple choice questions, each offering insightful hints and detailed explanations. Equip yourself with expert knowledge and get exam-ready!

Multiple Choice

Which technique is associated with increasing resilience against adversarial inputs?

Explanation:
Adversarial inputs exploit a model’s sensitivity to small, carefully crafted changes in the input. Regularization techniques, like weight decay or dropout, help prevent the model from learning overly complex or tightly fit patterns. That reduces how abruptly the model’s predictions can change in response to tiny input perturbations, effectively smoothing the decision boundary a bit and making it harder for adversarial perturbations to push a sample across the boundary into a different class. Defensive distillation takes a related, more targeted approach: by training on softened probability outputs from a previous model, the resulting model learns more gradual, less brittle mappings. The softer targets and smoother gradients make it harder for an attacker to compute perturbations that reliably flip the classification, boosting resilience to adversarial inputs. Data augmentation, while beneficial for general robustness, doesn’t specifically address the vulnerability that adversarial examples exploit in the model’s gradients. Decreasing model capacity reduces performance and doesn’t provide a robust defense to adversarial manipulation. Ignoring adversarial examples leaves the system exposed, so it doesn’t increase resilience.