Abstract
Despite their impressive performance in classification, neural networks are known to be vulnerable to adversarial attacks. These attacks are small perturbations of the input data designed to fool the model. Naturally, a question arises regarding the potential connection between the architecture, settings, or properties of the model and the nature of the attack. In this work, we aim to shed light on this problem by focusing on the implicit bias of the neural network, which refers to its inherent inclination to favor specific patterns or outcomes. Specifically, we investigate one aspect of the implicit bias, which involves the essential Fourier frequencies required for accurate image classification. We conduct tests to assess the statistical relationship between these frequencies and those necessary for a successful attack. To delve into this relationship, we propose a new method that can uncover non-linear correlations between sets of coordinates, which, in our case, are the aforementioned frequencies. By exploiting the entanglement between intrinsic dimension and correlation, we provide empirical evidence that the network bias in Fourier space and the target frequencies of adversarial attacks are closely tied.
Abstract (translated)
尽管神经网络在分类方面表现惊人,但它们仍然容易受到dversarial攻击。这些攻击是输入数据中的微小的扰动,旨在欺骗模型。自然地,一个问题出现了,即模型的结构、设置或属性与攻击的性质之间可能存在的潜在联系。在本研究中,我们旨在通过关注神经网络的隐含偏见来解决这个问题,隐含偏见是指其固有的倾向,以偏好特定的模式或结果。具体而言,我们研究了隐含偏见的一个方面,涉及准确图像分类所需的关键傅里叶频率。我们进行了测试,以评估这些频率和成功攻击所需的统计关系。为了深入探讨这个问题,我们提出了一种新方法,可以揭示一组坐标之间的非线性相关关系,这些坐标是指在我们的情况下,上述频率。通过利用内在维度和相关性的纠缠,我们提供了经验证据,表明在 Fourier 空间中的网络偏见和dversarial 攻击的目标频率之间是紧密联系的。
URL
https://arxiv.org/abs/2305.15203
