An Adversarial Robustness Perspective on the Topology of Neural Networks
Morgane Goibert, Thomas Ricatte, Elvis Dohmatob
TL;DR
This paper explores how the topology of neural networks, represented as graphs, differs between clean and adversarial inputs, revealing potential for detecting adversarial attacks based on graph structure differences.
Contribution
It introduces a graph-based perspective on neural network topology, linking graph structure to adversarial vulnerability and proposing a detection method based on these insights.
Findings
Graphs from clean inputs are more centralized around highway edges.
Adversarial inputs produce more diffuse graphs leveraging under-optimized edges.
Under-optimized edges are a source of adversarial vulnerability and useful for detection.
Abstract
In this paper, we investigate the impact of neural networks (NNs) topology on adversarial robustness. Specifically, we study the graph produced when an input traverses all the layers of a NN, and show that such graphs are different for clean and adversarial inputs. We find that graphs from clean inputs are more centralized around highway edges, whereas those from adversaries are more diffuse, leveraging under-optimized edges. Through experiments on a variety of datasets and architectures, we show that these under-optimized edges are a source of adversarial vulnerability and that they can be used to detect adversarial inputs.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI) · Advanced Graph Neural Networks