Neural Networks in Adversarial Setting and Ill-Conditioned Weight Space
Mayank Singh, Abhishek Sinha, Balaji Krishnamurthy

TL;DR
This paper investigates how the condition of neural network weight matrices affects vulnerability to adversarial attacks, proposing orthogonal regularization to improve robustness on standard datasets.
Contribution
It introduces the hypothesis that ill-conditioned weight matrices contribute to adversarial susceptibility and demonstrates orthogonal regularization as an effective mitigation.
Findings
Orthogonal regularization improves adversarial accuracy.
Ill-conditioned weights correlate with higher adversarial vulnerability.
Method enhances robustness on MNIST and F-MNIST datasets.
Abstract
Recently, neural networks have seen a huge surge in their adoption due to their ability to provide high accuracy on various tasks. On the other hand, the existence of adversarial examples has raised suspicions regarding the generalization capabilities of neural networks. In this work, we focus on the weight matrix learnt by the neural networks and hypothesize that an ill-conditioned weight matrix is one of the contributing factors in a neural network's susceptibility towards adversarial examples. To ensure that the learnt weight matrix's condition number remains sufficiently low, we suggest using an orthogonal regularizer. We show that this indeed helps in increasing the adversarial accuracy on MNIST and F-MNIST datasets.
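The abstract's idea in miniature, as an added example that is not the paper's or its authors' code. It assumes the common soft-orthogonality penalty ||W^T W - I||_F^2 (the page does not state the paper's exact regularizer), a constructed 2x2 weight matrix, and hypothetical helper names.

```python
# Added example, not the paper's code. Assumed penalty: ||W^T W - I||_F^2.
import math

def matmul(A, B):
    return [[sum(a * b for a, b in zip(r, c)) for c in zip(*B)] for r in A]

def gram(W):
    return matmul([list(c) for c in zip(*W)], W)           # W^T W

def gram_minus_identity(W):
    G = gram(W)
    return [[G[i][j] - (i == j) for j in range(len(G))] for i in range(len(G))]

def ortho_penalty(W):
    return sum(x * x for row in gram_minus_identity(W) for x in row)

def ortho_grad(W):
    # Gradient of the penalty with respect to W: 4 W (W^T W - I)
    return [[4.0 * x for x in row] for row in matmul(W, gram_minus_identity(W))]

def top_eig(A, iters=500):
    # Power iteration: largest eigenvalue of a symmetric PSD matrix.
    v, lam = [1.0 + 0.1 * i for i in range(len(A))], 0.0
    for _ in range(iters):
        w = [sum(a * x for a, x in zip(row, v)) for row in A]
        lam = math.sqrt(sum(x * x for x in w))
        if lam == 0.0:
            return 0.0
        v = [x / lam for x in w]
    return lam

def condition_number(W):
    # kappa(W) = sigma_max / sigma_min = sqrt(lambda_max / lambda_min) of W^T W
    G = gram(W)
    lmax = top_eig(G)
    shifted = [[(lmax if i == j else 0.0) - G[i][j] for j in range(len(G))]
               for i in range(len(G))]
    lmin = lmax - top_eig(shifted)      # top eigenvalue of shifted is lmax - lmin
    return math.sqrt(lmax / lmin)

def regularize(W, lr=0.01, steps=500):
    # Gradient descent on the penalty alone; in training it is added to the task loss.
    for _ in range(steps):
        g = ortho_grad(W)
        W = [[w - lr * d for w, d in zip(rw, rg)] for rw, rg in zip(W, g)]
    return W

# Constructed sample: rotation * diag(3, 0.05) * rotation, so kappa is 60.
W_ILL = [[1.048, -1.464], [1.464, -1.902]]

if __name__ == "__main__":
    print(condition_number(W_ILL), condition_number(regularize(W_ILL)))
```

The condition number bounds how much a relative change in a layer's input can be amplified in its output, which is why the abstract ties a low condition number to robustness against small perturbations.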
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Anomaly Detection Techniques and Applications
