An Information-Theoretic Explanation for the Adversarial Fragility of AI Classifiers
Hui Xie, Jirong Yi, Weiyu Xu, and Raghu Mudumbai

TL;DR
This paper proposes an information-theoretic hypothesis explaining why AI classifiers are vulnerable to small adversarial perturbations, supported by theoretical analysis and experimental validation with a voice recognition system.
Contribution
It introduces a compression-based hypothesis for classifier fragility, along with a novel detection method with theoretical guarantees.
Findings
The hypothesis explains classifier fragility to adversarial attacks.
The proposed detection method effectively identifies adversarial perturbations.
Experimental results validate the detection approach on voice recognition systems.
Abstract
We present a simple hypothesis about a compression property of artificial intelligence (AI) classifiers and present theoretical arguments to show that this hypothesis successfully accounts for the observed fragility of AI classifiers to small adversarial perturbations. We also propose a new method for detecting when small input perturbations cause classifier errors, and show theoretical guarantees for the performance of this detection method. We present experimental results with a voice recognition system to demonstrate this method. The ideas in this paper are motivated by a simple analogy between AI classifiers and the standard Shannon model of a communication system.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
