Adversarial Machine Learning Phases of Matter

TL;DR

This paper investigates the vulnerability of deep neural network classifiers in phase recognition tasks to adversarial perturbations and demonstrates that adversarial training can improve their robustness and physical consistency.

Contribution

It reveals the susceptibility of phase classifiers to adversarial attacks and shows that adversarial training enhances their robustness and alignment with physical principles.

Findings

Deep neural network classifiers are highly vulnerable to adversarial noise.

Adversarial training improves classifier robustness and physical law consistency.

Physical principles and symmetries are not fully captured by current classifiers.

Abstract

We study the robustness of machine learning approaches to adversarial perturbations, with a focus on supervised learning scenarios. We find that typical phase classifiers based on deep neural networks are extremely vulnerable to adversarial perturbations: adding a tiny amount of carefully crafted noises into the original legitimate examples will cause the classifiers to make incorrect predictions at a notably high confidence level. Through the lens of activation maps, we find that some important underlying physical principles and symmetries remain to be adequately captured for classifiers with even near-perfect performance. This explains why adversarial perturbations exist for fooling these classifiers. In addition, we find that, after adversarial training, the classifiers will become more consistent with physical laws and consequently more robust to certain kinds of adversarial perturbations. Our results provide valuable guidance for both theoretical and experimental future studies on applying machine learning techniques to condensed matter physics.