Plausible Adversarial Attacks on Direct Parameter Inference Models in Astrophysics
Benjamin Horowitz, Peter Melchior
TL;DR
This paper investigates how small adversarial perturbations can mislead astrophysical inference models, revealing their vulnerability and raising concerns about their reliability in detecting new physics.
Contribution
It demonstrates that adversarial attacks can deceive cosmological parameter inference networks, highlighting the need for robustness in astrophysical machine learning models.
Findings
Adversarial perturbations can cause false detection of new physics.
Inference networks are vulnerable to small systematic biases.
Standard estimators remain insensitive to these adversarial attacks.
Abstract
In this abstract we explore the possibility of introducing biases in physical parameter inference models from adversarial-type attacks. In particular, we inject small amplitude systematics into inputs to a mixture density networks tasked with inferring cosmological parameters from observed data. The systematics are constructed analogously to white-box adversarial attacks. We find that the analysis network can be tricked into spurious detection of new physics in cases where standard cosmological estimators would be insensitive. This calls into question the robustness of such networks and their utility for reliably detecting new physics.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsGamma-ray bursts and supernovae