On the Relationship Between Adversarial Robustness and Decision Region
in Deep Neural Network
- URL: http://arxiv.org/abs/2207.03400v1
- Date: Thu, 7 Jul 2022 16:06:34 GMT
- Title: On the Relationship Between Adversarial Robustness and Decision Region
in Deep Neural Network
- Authors: Seongjin Park, Haedong Jeong, Giyoung Jeon, Jaesik Choi
- Abstract summary: We study the internal properties of Deep Neural Networks (DNNs) that affect model robustness under adversarial attacks.
We propose the novel concept of the Populated Region Set (PRS), where training samples are populated more frequently.
- Score: 26.656444835709905
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In general, Deep Neural Networks (DNNs) are evaluated by the generalization
performance measured on unseen data excluded from the training phase. As DNNs
have developed, their generalization performance has converged toward the
state of the art, and it has become difficult to evaluate DNNs on this metric
alone. Robustness against adversarial attacks has therefore been used as an
additional metric, measuring how vulnerable a model is. However, few studies
have analyzed adversarial robustness in terms of the geometry of DNNs. In this
work, we perform an empirical study of the internal properties of DNNs that
affect model robustness under adversarial attacks. In particular, we propose
the novel concept of the Populated Region Set (PRS), the set of regions where
training samples are populated more frequently, to represent the internal
properties of DNNs in a practical setting. Through systematic experiments with
the proposed concept, we provide empirical evidence that a low PRS ratio has a
strong relationship with the adversarial robustness of DNNs. We also devise a
PRS regularizer that leverages the characteristics of PRS to improve
adversarial robustness without adversarial training.
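The abstract does not spell out how the PRS or its ratio is computed. A minimal sketch, assuming regions are identified by the binary ReLU activation pattern of a hidden layer and that a region counts as "populated" once it holds at least tau training samples, might look as follows; the network, the function prs_ratio, and the parameter tau are illustrative assumptions, not the paper's exact recipe.

```python
# Minimal sketch (illustrative only): estimate a PRS-style ratio for a small
# ReLU network, assuming regions are identified by hidden-layer sign patterns.
import torch
import torch.nn as nn

class SmallReLUNet(nn.Module):
    def __init__(self, in_dim=784, hidden=128, classes=10):
        super().__init__()
        self.fc1 = nn.Linear(in_dim, hidden)
        self.fc2 = nn.Linear(hidden, classes)

    def forward(self, x):
        h = torch.relu(self.fc1(x))
        return self.fc2(h), h  # also return hidden activations

def prs_ratio(model, loader, tau=2):
    """Fraction of occupied activation regions holding >= tau training samples.

    'Region' here means the sign pattern of the hidden ReLU layer; this is an
    assumption about how PRS could be operationalized in practice.
    """
    counts = {}
    model.eval()
    with torch.no_grad():
        for x, _ in loader:
            _, h = model(x.flatten(1))
            patterns = (h > 0).to(torch.uint8)
            for p in patterns:
                key = bytes(p.tolist())
                counts[key] = counts.get(key, 0) + 1
    populated = sum(1 for c in counts.values() if c >= tau)
    return populated / max(len(counts), 1)
```

Under this reading, a low PRS ratio means the training samples concentrate in relatively few activation regions; per the abstract, the proposed regularizer encourages this property during standard training, without adversarial examples.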
Related papers
- Unveiling and Mitigating Generalized Biases of DNNs through the Intrinsic Dimensions of Perceptual Manifolds [46.47992213722412]
Building fair deep neural networks (DNNs) is a crucial step towards achieving trustworthy artificial intelligence.
We propose Intrinsic Dimension Regularization (IDR), which enhances the fairness and performance of models.
In various image recognition benchmark tests, IDR significantly mitigates model bias while improving its performance.
arXiv Detail & Related papers (2024-04-22T04:16:40Z) - Adversarial Machine Learning in Latent Representations of Neural
Networks [9.372908891132772]
Distributed deep neural networks (DNNs) have been shown to reduce the computational burden of mobile devices and decrease the end-to-end inference latency in edge computing scenarios.
This paper rigorously analyzes the robustness of distributed DNNs against adversarial action.
arXiv Detail & Related papers (2023-09-29T17:01:29Z) - Not So Robust After All: Evaluating the Robustness of Deep Neural
Networks to Unseen Adversarial Attacks [5.024667090792856]
Deep neural networks (DNNs) have gained prominence in various applications, such as classification, recognition, and prediction.
A fundamental attribute of traditional DNNs is their vulnerability to modifications in input data, which has resulted in the investigation of adversarial attacks.
This study aims to challenge the efficacy and generalization of contemporary defense mechanisms against adversarial attacks.
arXiv Detail & Related papers (2023-08-12T05:21:34Z) - On the Intrinsic Structures of Spiking Neural Networks [66.57589494713515]
Recent years have seen a surge of interest in SNNs owing to their remarkable potential to handle time-dependent and event-driven data.
There has been a dearth of comprehensive studies examining the impact of intrinsic structures within spiking computations.
This work delves into the intrinsic structures of SNNs, elucidating their influence on the expressivity of SNNs.
arXiv Detail & Related papers (2022-06-21T09:42:30Z) - Latent Boundary-guided Adversarial Training [61.43040235982727]
Adversarial training, which injects adversarial examples into model training, has proved to be the most effective defense strategy.
We propose a novel adversarial training framework called LAtent bounDary-guided aDvErsarial tRaining.
arXiv Detail & Related papers (2022-06-08T07:40:55Z) - Comparative Analysis of Interval Reachability for Robust Implicit and
Feedforward Neural Networks [64.23331120621118]
We use interval reachability analysis to obtain robustness guarantees for implicit neural networks (INNs).
INNs are a class of implicit learning models that use implicit equations as layers.
We show that our approach performs at least as well as, and generally better than, applying state-of-the-art interval bound propagation methods to INNs (a brief sketch of interval bound propagation appears after this list).
arXiv Detail & Related papers (2022-04-01T03:31:27Z) - Exploring Architectural Ingredients of Adversarially Robust Deep Neural
Networks [98.21130211336964]
Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks.
In this paper, we investigate the impact of network width and depth on the robustness of adversarially trained DNNs.
arXiv Detail & Related papers (2021-10-07T23:13:33Z) - Neural Architecture Dilation for Adversarial Robustness [56.18555072877193]
A shortcoming of convolutional neural networks is that they are vulnerable to adversarial attacks.
This paper aims to improve the adversarial robustness of the backbone CNNs that have a satisfactory accuracy.
With minimal computational overhead, the dilation architecture is expected to preserve the standard performance of the backbone CNN.
arXiv Detail & Related papers (2021-08-16T03:58:00Z) - Recent Advances in Understanding Adversarial Robustness of Deep Neural
Networks [15.217367754000913]
It is increasingly important to obtain models with high robustness that are resistant to adversarial examples.
We give preliminary definitions on what adversarial attacks and robustness are.
We study frequently-used benchmarks and mention theoretically-proved bounds for adversarial robustness.
arXiv Detail & Related papers (2020-11-03T07:42:53Z)
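The interval-reachability entry above compares against interval bound propagation (IBP). As a point of reference only, a minimal sketch of IBP through one affine layer followed by a ReLU (for a plain feedforward network, not the implicit networks studied in that paper) could look like this; the function names and the example dimensions are assumptions for illustration.

```python
# Minimal IBP sketch (illustrative): propagate an input interval [lo, hi]
# through an affine layer and a ReLU for a plain feedforward network.
import torch

def ibp_affine(lo, hi, weight, bias):
    """Tightest output interval of x @ weight.T + bias over lo <= x <= hi."""
    center, radius = (hi + lo) / 2, (hi - lo) / 2
    out_center = center @ weight.T + bias
    out_radius = radius @ weight.abs().T  # |W| maps the interval radius
    return out_center - out_radius, out_center + out_radius

def ibp_relu(lo, hi):
    """ReLU is monotone, so the interval maps elementwise."""
    return lo.clamp(min=0), hi.clamp(min=0)

# Example: bound how far hidden activations can move under an L-inf perturbation eps.
W1, b1 = torch.randn(32, 16), torch.zeros(32)
x, eps = torch.randn(1, 16), 0.1
lo, hi = ibp_affine(x - eps, x + eps, W1, b1)
lo, hi = ibp_relu(lo, hi)
```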