
TL;DR
This paper introduces a Renormalisation Group framework to evaluate and improve the robustness of deep learning networks against small input perturbations and adversarial attacks.
Contribution
It proposes a Monte Carlo RG-based numerical scheme to identify sensitive directions and relevant operators in trained deep networks, assessing their vulnerability.
Findings
Identifies input sensitivities linked to RG fixed points
Provides a method to detect and analyze adversarial vulnerabilities
Enables testing of network robustness against perturbations
Abstract
The Renormalisation Group (RG) provides a framework in which it is possible to assess whether a deep-learning network is sensitive to small changes in the input data and hence prone to error, or susceptible to adversarial attack. Distinct classification outputs are associated with different RG fixed points and sensitivity to small changes in the input data is due to the presence of relevant operators at a fixed point. A numerical scheme, based on Monte Carlo RG ideas, is proposed for identifying the existence of relevant operators and the corresponding directions of greatest sensitivity in the input data. Thus, a trained deep-learning network may be tested for its robustness and, if it is vulnerable to attack, dangerous perturbations of the input data identified.
Taxonomy
Topics: Adversarial Robustness in Machine Learning
