Dynamically Computing Adversarial Perturbations for Recurrent Neural Networks
- URL: http://arxiv.org/abs/2009.02874v1
- Date: Mon, 7 Sep 2020 03:37:03 GMT
- Title: Dynamically Computing Adversarial Perturbations for Recurrent Neural Networks
- Authors: Shankar A. Deka, Dušan M. Stipanović and Claire J. Tomlin
- Abstract summary: Convolutional and recurrent neural networks have been widely employed to achieve state-of-the-art performance on classification tasks.
It has also been noted that these networks can be manipulated adversarially with relative ease, by carefully crafted additive perturbations to the input.
We provide theoretical guarantees on the existence of adversarial examples and robustness margins of the network to such examples.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Convolutional and recurrent neural networks have been widely employed to
achieve state-of-the-art performance on classification tasks. However, it has
also been noted that these networks can be manipulated adversarially with
relative ease, by carefully crafted additive perturbations to the input. Though
several experimentally established prior works exist on crafting and defending
against attacks, it is also desirable to have theoretical guarantees on the
existence of adversarial examples and robustness margins of the network to such
examples. We provide both in this paper. We focus specifically on recurrent
architectures and draw inspiration from dynamical systems theory to naturally
cast this as a control problem, allowing us to dynamically compute adversarial
perturbations at each timestep of the input sequence, thus resembling a
feedback controller. Illustrative examples are provided to supplement the
theoretical discussions.
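As an added illustration of the feedback-controller viewpoint in the abstract (example code written for this page, not the paper's control-theoretic construction, and carrying none of its theoretical guarantees): a tiny hand-weighted Elman RNN with a linear readout is attacked one timestep at a time. At step t the adversary looks at the hidden state actually reached (which already reflects the earlier perturbations), assumes the nominal remaining inputs, and picks the bounded perturbation delta_t that most reduces the predicted final margin; once the prediction is already negative it stops spending budget. The weights, the input sequence, the label and the bound EPS are all constructed for the illustration.

```python
"""Added example (not from the paper): per-timestep adversarial perturbation of a
recurrent classifier computed in closed loop, i.e. from the actual hidden state
reached so far, like a feedback controller.  Pure Python, no dependencies."""
import math

# Hypothetical 2-unit Elman RNN with a linear readout.  Weights are hand-picked
# for the illustration, not trained:  h_t = tanh(W h_{t-1} + U x_t),
# score = v . h_T,  predicted class is +1 if score > 0 else -1.
W = [[0.5, 0.0],   # unit 1: leaky memory of the scalar input
     [0.5, 0.5]]   # unit 2: leaky integrator of unit 1
U = [1.0, 0.0]
V = [1.0, 1.0]
H0 = [0.0, 0.0]

# Constructed input sequence (eight positive readings) whose clean label is +1.
X_CLEAN = [0.4, 0.6, 0.5, 0.7, 0.3, 0.5, 0.6, 0.4]
LABEL = 1
EPS = 0.8          # per-timestep perturbation bound |delta_t| <= EPS


def step(h, x):
    """One RNN transition h_t = tanh(W h_{t-1} + U x_t)."""
    return [math.tanh(W[i][0] * h[0] + W[i][1] * h[1] + U[i] * x) for i in range(2)]


def readout(h, label):
    """Signed score: positive means the network agrees with `label`."""
    return label * (V[0] * h[0] + V[1] * h[1])


def predicted_margin(h, xs, label):
    """Roll the remaining inputs `xs` forward from state h and read out."""
    for x in xs:
        h = step(h, x)
    return readout(h, label)


def clean_margin(xs=X_CLEAN, label=LABEL):
    """Margin of the unperturbed sequence (positive: correctly classified)."""
    return predicted_margin(H0, xs, label)


def dynamic_attack(xs=X_CLEAN, label=LABEL, eps=EPS):
    """Closed-loop attack.  At step t the adversary sees the true state h_{t-1}
    (which already reflects delta_1..delta_{t-1}), assumes the nominal future
    inputs x_{t+1..T}, and picks delta_t in {-eps, +eps} that minimises the
    predicted final margin.  Once the prediction is already negative it stops
    spending budget (delta_t = 0).  Returns (deltas, final_margin)."""
    h = list(H0)
    deltas = []
    for t, x in enumerate(xs):
        future = xs[t + 1:]
        if predicted_margin(h, [x] + future, label) < 0:
            delta = 0.0                    # already misclassified: save budget
        else:
            delta = min((-eps, eps),
                        key=lambda d: predicted_margin(h, [x + d] + future, label))
        deltas.append(delta)
        h = step(h, x + delta)             # feedback: next decision uses this state
    return deltas, readout(h, label)


if __name__ == "__main__":
    print(f"clean margin: {clean_margin():+.3f}")
    deltas, adv = dynamic_attack()
    print(f"deltas: {deltas}")
    print(f"adversarial margin: {adv:+.3f}")
```

Running it shows the feedback behaviour: the first seven steps each receive -EPS, but at the last step the controller sees that the state it has driven the network into is already predicted to be misclassified under the nominal final input and applies no perturbation. In this toy network the score is monotone in every input, so the search over {-eps, +eps} always picks -eps; the search is kept general because for a real recurrent model the best direction at a step depends on the state reached, which is exactly why a per-step, state-dependent computation is needed.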
Related papers
- Quantum-Inspired Analysis of Neural Network Vulnerabilities: The Role of Conjugate Variables in System Attacks
  Neural networks demonstrate inherent vulnerability to small, non-random perturbations, emerging as adversarial attacks.
  A mathematical congruence manifests between this mechanism and the quantum physics' uncertainty principle, casting light on a hitherto unanticipated interdisciplinarity.
  arXiv (2024-02-16T02:11:27Z)
- A Survey on Transferability of Adversarial Examples across Deep Neural Networks
  Adversarial examples can manipulate machine learning models into making erroneous predictions.
  The transferability of adversarial examples enables black-box attacks which circumvent the need for detailed knowledge of the target model.
  This survey explores the landscape of the adversarial transferability of adversarial examples.
  arXiv (2023-10-26T17:45:26Z)
- Leveraging Low-Rank and Sparse Recurrent Connectivity for Robust Closed-Loop Control
  We show how a parameterization of recurrent connectivity influences robustness in closed-loop settings.
  We find that closed-form continuous-time neural networks (CfCs) with fewer parameters can outperform their full-rank, fully-connected counterparts.
  arXiv (2023-10-05T21:44:18Z)
- On the Computational Entanglement of Distant Features in Adversarial Machine Learning
  We introduce the concept of "computational entanglement".
  Computational entanglement enables the network to achieve zero loss by fitting random noise, even on previously unseen test samples.
  We present a novel application of computational entanglement in transforming worst-case adversarial examples, inputs that are highly non-robust.
  arXiv (2023-09-27T14:09:15Z)
- Generalization and Estimation Error Bounds for Model-based Neural Networks
  We show that the generalization abilities of model-based networks for sparse recovery outperform those of regular ReLU networks.
  We derive practical design rules that allow one to construct model-based networks with guaranteed high generalization.
  arXiv (2023-04-19T16:39:44Z)
- Adversarial Attack via Dual-Stage Network Erosion
  Deep neural networks are vulnerable to adversarial examples, which can fool deep models by adding subtle perturbations.
  This paper proposes to improve the transferability of adversarial examples, and applies dual-stage feature-level perturbations to an existing model to implicitly create a set of diverse models.
  We conduct comprehensive experiments both on non-residual and residual networks, and obtain more transferable adversarial examples with a computational cost similar to the state-of-the-art method.
  arXiv (2022-01-01T02:38:09Z)
- Robustness against Adversarial Attacks in Neural Networks using Incremental Dissipativity
  Adversarial examples can easily degrade the classification performance in neural networks.
  This work proposes an incremental dissipativity-based robustness certificate for neural networks.
  arXiv (2021-11-25T04:42:57Z)
- Latent Network Embedding via Adversarial Auto-encoders
  We propose a latent network embedding model based on adversarial graph auto-encoders.
  Under this framework, the problem of discovering latent structures is formulated as inferring the latent ties from partial observations.
  arXiv (2021-09-30T16:49:46Z)
- Formalizing Generalization and Robustness of Neural Networks to Weight Perturbations
  We provide the first formal analysis for feed-forward neural networks with non-negative monotone activation functions against weight perturbations.
  We also design a new theory-driven loss function for training generalizable and robust neural networks against weight perturbations.
  arXiv (2021-03-03T06:17:03Z)
- Developing Constrained Neural Units Over Time
  This paper focuses on an alternative way of defining Neural Networks, that is different from the majority of existing approaches.
  The structure of the neural architecture is defined by means of a special class of constraints that are extended also to the interaction with data.
  The proposed theory is cast into the time domain, in which data are presented to the network in an ordered manner.
  arXiv (2020-09-01T09:07:25Z)
- Improving Adversarial Robustness by Enforcing Local and Global Compactness
  Adversarial training is the most successful method that consistently resists a wide range of attacks.
  We propose the Adversary Divergence Reduction Network which enforces local/global compactness and the clustering assumption.
  The experimental results demonstrate that augmenting adversarial training with our proposed components can further improve the robustness of the network.
  arXiv (2020-07-10T00:43:06Z)