On Intrinsic Dataset Properties for Adversarial Machine Learning
Jeffrey Z. Pan, Nicholas Zufelt

TL;DR
This paper investigates how intrinsic dataset properties like size and contrast influence the success of adversarial attacks and defenses in deep neural networks, emphasizing the importance of dataset design for robustness.
Contribution
It is the first comprehensive study examining the impact of dataset properties on adversarial machine learning performance.
Findings
Input size and contrast significantly affect attack success.
Dataset design and preprocessing are crucial for robustness.
Intrinsic dataset properties influence defense effectiveness.
Abstract
Deep neural networks (DNNs) have played a key role in a wide range of machine learning applications. However, DNN classifiers are vulnerable to human-imperceptible adversarial perturbations, which can cause them to misclassify inputs with high confidence. Thus, creating robust DNNs which can defend against malicious examples is critical in applications where security plays a major role. In this paper, we study the effect of intrinsic dataset properties on the performance of adversarial attack and defense methods, testing on five popular image classification datasets: MNIST, Fashion-MNIST, CIFAR10/CIFAR100, and ImageNet. We find that input size and image contrast play key roles in attack and defense success. Our discoveries highlight that dataset design and data preprocessing steps are important to boost the adversarial robustness of DNNs. To our best knowledge, this is the first…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research
