Explaining the role of Intrinsic Dimensionality in Adversarial Training
Enes Altinisik, Safa Messaoud, Husrev Taha Sencar, Hassan Sajjad, Sanjay Chawla

TL;DR
This paper explains how intrinsic dimensionality influences adversarial training outcomes across different models, proposing a new scalable method that enhances robustness while maintaining generalization.
Contribution
It introduces a manifold-conjecture-based explanation for model behavior and proposes SMAAT, a novel scalable adversarial training method that leverages intrinsic dimensionality.
Findings
SMAAT reduces GPU time by 25-33% during adversarial training.
Models with low intrinsic dimensionality in certain layers show improved robustness.
SMAAT achieves superior robustness across multiple tasks with comparable generalization.
Abstract
Adversarial Training (AT) impacts different architectures in distinct ways: vision models gain robustness but face reduced generalization, encoder-based models exhibit limited robustness improvements with minimal generalization loss, and recent work in latent-space adversarial training (LAT) demonstrates that decoder-based models achieve improved robustness by applying AT across multiple layers. We provide the first explanation for these trends by leveraging the manifold conjecture: off-manifold adversarial examples (AEs) enhance robustness, while on-manifold AEs improve generalization. We show that vision and decoder-based models exhibit low intrinsic dimensionality in earlier layers (favoring off-manifold AEs), whereas encoder-based models do so in later layers (favoring on-manifold AEs). Exploiting this property, we introduce SMAAT, which improves the scalability of AT for…
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Adversarial Robustness in Machine Learning · Generative Adversarial Networks and Image Synthesis
Methods: Attention Is All You Need · WordPiece · Linear Warmup With Linear Decay · Weight Decay · Attention Dropout · Linear Layer · Byte Pair Encoding · Adam · Residual Connection
