Name
Abstract | ||
|---|---|---|
We examine the relationship between the energy landscape of neural networks and their robustness to adversarial attacks. Combining energy landscape techniques developed in computational chemistry with tools drawn from formal methods, we produce empirical evidence that networks corresponding to lower-lying minima in the landscape tend to be more robust. The robustness measure used is the inverse of the sensitivity measure, which we define as the volume of an over-approximation of the reachable set of network outputs under all additive $l_{infty}$ bounded perturbations on the input data. We present a novel loss function which contains a weighted sensitivity component in addition to the traditional task-oriented and regularization terms. In our experiments on standard machine learning and computer vision datasets (e.g., Iris and MNIST), we show that the proposed loss function leads to networks which reliably optimize the robustness measure as well as other related metrics of adversarial robustness without significant degradation in the classification error. |
Year | Venue | Field |
|---|---|---|
2018 | arXiv: Machine Learning | Inverse,Convolutional neural network,Algorithm,Robustness (computer science),Maxima and minima,Regularization (mathematics),Artificial intelligence,Formal methods,Energy landscape,Machine learning,Mathematics,Feed forward |
DocType | Volume | Citations |
Journal | abs/1810.11726 | 1 |
PageRank | References | Authors |
0.35 | 0 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Timothy E. Wang | 1 | 1 | 0.68 |
| Jack Gu | 2 | 1 | 0.35 |
| Dhagash Mehta | 3 | 15 | 8.26 |
| Xiaojun Zhao | 4 | 1 | 0.68 |
| Edgar A. Bernal | 5 | 58 | 10.32 |