Understanding Adversarial Behavior of DNNs by Disentangling Non-Robust and Robust Components in Performance Metric

06/06/2019
by Yujun Shi, et al.

The vulnerability of deep neural networks (DNNs) to slight input perturbations is a worrying yet intriguing property. Despite many previous works studying the reasons behind such adversarial behavior, the relationship between the generalization performance and the adversarial behavior of DNNs remains little understood. In this work, we reveal this relationship by introducing a metric that characterizes the generalization performance of a DNN. The metric can be disentangled into an information-theoretic non-robust component, which is responsible for adversarial behavior, and a robust component. We then show experimentally that current DNNs rely heavily on optimizing the non-robust component to achieve decent performance. We also demonstrate that current state-of-the-art adversarial training algorithms robustify DNNs precisely by preventing them from using the non-robust component to distinguish samples from different categories. Based on these findings, we take a step further and point out a possible direction for achieving decent standard performance and adversarial robustness simultaneously. We believe our theory can further inspire the community to make more discoveries about the relationship between standard generalization and adversarial generalization of deep learning models.
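For readers unfamiliar with the adversarial training algorithms the abstract refers to, the following is a minimal PGD-based adversarial-training sketch in PyTorch, in the spirit of standard L-infinity adversarial training (e.g., Madry et al.). It is not the authors' method; the toy model, epsilon, step size, and step count are illustrative assumptions.

```python
# Minimal PGD adversarial-training sketch (PyTorch).
# Generic illustration of L-infinity adversarial training,
# NOT the method proposed in the paper above.
import torch
import torch.nn as nn
import torch.nn.functional as F


def pgd_attack(model, x, y, eps=8 / 255, alpha=2 / 255, steps=10):
    """Projected gradient descent inside an L-infinity ball of radius eps."""
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0, 1).detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        # Ascend the loss, then project back into the eps-ball around x.
        x_adv = x_adv.detach() + alpha * grad.sign()
        x_adv = torch.min(torch.max(x_adv, x - eps), x + eps).clamp(0, 1)
    return x_adv.detach()


def adversarial_training_step(model, optimizer, x, y):
    """One training step on adversarial examples instead of clean inputs."""
    model.eval()                 # keep BN/dropout fixed while crafting the attack
    x_adv = pgd_attack(model, x, y)
    model.train()
    optimizer.zero_grad()
    loss = F.cross_entropy(model(x_adv), y)
    loss.backward()
    optimizer.step()
    return loss.item()


if __name__ == "__main__":
    # Toy usage with random data; replace with a real dataset and model.
    model = nn.Sequential(nn.Flatten(), nn.Linear(3 * 32 * 32, 10))
    optimizer = torch.optim.SGD(model.parameters(), lr=0.1)
    x = torch.rand(8, 3, 32, 32)
    y = torch.randint(0, 10, (8,))
    print(adversarial_training_step(model, optimizer, x, y))
```

The eps = 8/255 and alpha = 2/255 values are common L-infinity settings for CIFAR-10-scale inputs in [0, 1]; they are placeholders here, not values taken from the paper.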


Related research

06/09/2021 - Towards the Memorization Effect of Neural Networks in Adversarial Training
Recent studies suggest that “memorization” is one important factor for o...

12/04/2019 - Learning with Multiplicative Perturbations
Adversarial Training (AT) and Virtual Adversarial Training (VAT) are the...

06/20/2022 - Understanding Robust Learning through the Lens of Representation Similarities
Representation learning, i.e. the generation of representations useful f...

06/05/2018 - An Explainable Adversarial Robustness Metric for Deep Learning Neural Networks
Deep Neural Networks (DNN) have excessively advanced the field of compute...

10/07/2020 - Batch Normalization Increases Adversarial Vulnerability: Disentangling Usefulness and Robustness of Model Features
Batch normalization (BN) has been widely used in modern deep neural netw...

01/31/2023 - Interpreting Robustness Proofs of Deep Neural Networks
In recent years numerous methods have been developed to formally verify ...

02/25/2020 - Robust Wireless Fingerprinting: Generalizing Across Space and Time
Can we distinguish between two wireless transmitters sending exactly the...
