# On the Robustness of Deep K-Nearest Neighbors

**Authors:** Chawin Sitawarin, David Wagner

arXiv: 1903.08333 · 2019-03-21

## TL;DR

This paper evaluates the robustness of Deep k-Nearest Neighbor (DkNN) as a defense against adversarial attacks, introducing a heuristic attack method that challenges its effectiveness.

## Contribution

The paper presents a new heuristic attack for kNN classifiers, based on gradient descent, and demonstrates its effectiveness against the DkNN defense, highlighting potential vulnerabilities.

## Key findings

- On kNN, the attack is moderately stronger than any naive attack.
- On DkNN, the attack significantly outperforms other attacks.
- DkNN's robustness is less than previously assumed.

## Abstract

Despite a large amount of attention on adversarial examples, very few works have demonstrated an effective defense against this threat. We examine Deep k-Nearest Neighbor (DkNN), a proposed defense that combines k-Nearest Neighbor (kNN) and deep learning to improve the model's robustness to adversarial examples. It is challenging to evaluate the robustness of this scheme due to the lack of an efficient algorithm for attacking kNN classifiers with large k and high-dimensional data. We propose a heuristic attack that allows us to use gradient descent to find adversarial examples for kNN classifiers, and then apply it to attack the DkNN defense as well. Results suggest that our attack is moderately stronger than any naive attack on kNN and significantly outperforms other attacks on DkNN.

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1903.08333/full.md

## References

37 references — full list in the complete paper: https://tomesphere.com/paper/1903.08333/full.md

---
Source: https://tomesphere.com/paper/1903.08333