
Resilience of Bayesian Layer-Wise Explanations under Adversarial Attacks
We consider the problem of the stability of saliency-based explanations ...

Generalizing k-means for an arbitrary distance matrix
The original k-means clustering method works only if the exact vectors r...

Fine-grained Uncertainty Modeling in Neural Networks
Existing uncertainty modeling approaches try to detect an out-of-distrib...

Radial Prediction Layer
For a broad variety of critical applications, it is essential to know ho...

Mathematical Analysis of Adversarial Attacks
In this paper, we analyze efficacy of the fast gradient sign method (FGS...

Enhancing Transformation-based Defenses using a Distribution Classifier
Adversarial attacks on convolutional neural networks (CNN) have gained s...

Improve Adversarial Robustness via Weight Penalization on Classification Layer
It is well-known that deep neural networks are vulnerable to adversarial...
Softmax-based Classification is k-means Clustering: Formal Proof, Consequences for Adversarial Attacks, and Improvement through Centroid Based Tailoring
We formally prove the connection between k-means clustering and the predictions of neural networks based on the softmax activation layer. In existing work, this connection has been analyzed empirically, but it has never before been mathematically derived. The softmax function partitions the transformed input space into cones, each of which encompasses a class. This is equivalent to putting a number of centroids in this transformed space at equal distance from the origin, and k-means clustering the data points by proximity to these centroids. Softmax only cares in which cone a data point falls, and not how far from the centroid it is within that cone. We formally prove that networks with a small Lipschitz modulus (which corresponds to a low susceptibility to adversarial attacks) map data points closer to the cluster centroids, which results in a mapping to a k-means-friendly space. To leverage this knowledge, we propose Centroid Based Tailoring as an alternative to the softmax function in the last layer of a neural network. The resulting Gauss network has similar predictive accuracy as traditional networks, but is less susceptible to one-pixel attacks; while the main contribution of this paper is theoretical in nature, the Gauss network contributes empirical auxiliary benefits.