Aliasing is a Driver of Adversarial Attacks
Adrián Rodríguez-Muñoz, Antonio Torralba

TL;DR
This paper explores how aliasing in neural networks contributes to adversarial vulnerabilities and demonstrates that anti-aliasing techniques can significantly improve robustness against attacks.
Contribution
The study introduces a theoretical framework for understanding aliasing in neural networks and proposes simple, explainable anti-aliasing modifications to enhance adversarial robustness.
Findings
Reducing aliasing improves classifier robustness.
Anti-aliasing combined with robust training outperforms robust training alone.
A sufficient condition for no aliasing in image transformations is established.
Abstract
Aliasing is a highly important concept in signal processing, as careful consideration of resolution changes is essential in ensuring transmission and processing quality of audio, image, and video. Despite this, up until recently aliasing has received very little consideration in Deep Learning, with all common architectures carelessly sub-sampling without considering aliasing effects. In this work, we investigate the hypothesis that the existence of adversarial perturbations is due in part to aliasing in neural networks. Our ultimate goal is to increase robustness against adversarial attacks using explainable, non-trained, structural changes only, derived from aliasing first principles. Our contributions are the following. First, we establish a sufficient condition for no aliasing for general image transformations. Next, we study sources of aliasing in common neural network layers, and…
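The sub-sampling effect the abstract refers to can be shown on a 1-D signal. The sketch below is an added illustration, not code from the paper: the signal, `eps`, and the `[1, 2, 1]/4` low-pass kernel are constructed assumptions, and the paper's own anti-aliasing modifications are not reproduced on this page.

```python
# Added illustration (not from the paper): aliasing under stride-2 sub-sampling.
# The signal, eps and the [1, 2, 1]/4 kernel are constructed assumptions.

def subsample(x, stride=2):
    """Naive strided sub-sampling, as a stride-2 conv or pooling layer does."""
    return x[::stride]

def blur(x, kernel=(0.25, 0.5, 0.25)):
    """Low-pass filter with circular padding; its response at Nyquist is zero."""
    n, half = len(x), len(kernel) // 2
    return [sum(k * x[(i + j - half) % n] for j, k in enumerate(kernel))
            for i in range(n)]

def blur_then_subsample(x, stride=2):
    """Anti-aliased down-sampling: remove high frequencies, then stride."""
    return subsample(blur(x), stride)

def nyquist_perturbation(n, eps):
    """Zero-mean perturbation at the highest frequency: +eps, -eps, +eps, ..."""
    return [eps if i % 2 == 0 else -eps for i in range(n)]

def max_abs_diff(a, b):
    return max(abs(p - q) for p, q in zip(a, b))

def demo(eps=0.125):
    clean = [0.0, 1.0, 2.0, 3.0, 4.0, 3.0, 2.0, 1.0]  # constructed smooth signal
    delta = nyquist_perturbation(len(clean), eps)
    perturbed = [c + d for c, d in zip(clean, delta)]

    # Naive stride keeps only the +eps samples: the perturbation folds to DC.
    naive = max_abs_diff(subsample(clean), subsample(perturbed))
    down_clean, down_pert = subsample(clean), subsample(perturbed)
    mean_shift = sum(down_pert) / len(down_pert) - sum(down_clean) / len(down_clean)

    # Filtering first removes the Nyquist component before it can fold.
    filtered = max_abs_diff(blur_then_subsample(clean),
                            blur_then_subsample(perturbed))
    return naive, mean_shift, filtered

if __name__ == "__main__":
    naive, mean_shift, filtered = demo()
    print(f"naive stride-2:   max change {naive}, mean shift {mean_shift}")
    print(f"blur then stride: max change {filtered}")
```

The perturbation has zero mean at full resolution, yet after naive sub-sampling it appears as a constant offset that every later layer sees as a low-frequency change in the input.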
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications
Methods: None
