On the Interplay of Convolutional Padding and Adversarial Robustness
Paul Gavrikov, Janis Keuper
TL;DR
This paper investigates how different padding modes in CNNs influence adversarial robustness, revealing that boundary perturbations caused by attacks are affected by padding choices, impacting model security.
Contribution
It provides an analysis of the relationship between padding strategies and adversarial vulnerability, highlighting the importance of padding in robustness.
Findings
Padding affects boundary perturbation patterns in adversarial attacks.
Different padding modes influence the robustness of CNNs.
Boundary anomalies are linked to padding choices.
Abstract
It is common practice to apply padding prior to convolution operations to preserve the resolution of feature-maps in Convolutional Neural Networks (CNN). While many alternatives exist, this is often achieved by adding a border of zeros around the inputs. In this work, we show that adversarial attacks often result in perturbation anomalies at the image boundaries, which are the areas where padding is used. Consequently, we aim to provide an analysis of the interplay between padding and adversarial attacks and seek an answer to the question of how different padding modes (or their absence) affect adversarial robustness in various scenarios.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Integrated Circuits and Semiconductor Failure Analysis
MethodsConvolution