Complexity Matters: Effective Dimensionality as a Measure for Adversarial Robustness

TL;DR

This paper demonstrates that a model's effective dimensionality is inversely related to its adversarial robustness, proposing it as a valuable metric for model selection and robustness assessment in real-world scenarios.

Contribution

It introduces effective dimensionality as a novel, reliable measure for evaluating and predicting adversarial robustness across different models and training methods.

Findings

Lower effective dimensionality correlates with higher robustness.

Adversarial training reduces effective dimensionality.

Effective dimensionality outperforms parameter count as a robustness metric.

Abstract

Quantifying robustness in a single measure for the purposes of model selection, development of adversarial training methods, and anticipating trends has so far been elusive. The simplest metric to consider is the number of trainable parameters in a model but this has previously been shown to be insufficient at explaining robustness properties. A variety of other metrics, such as ones based on boundary thickness and gradient flatness have been proposed but have been shown to be inadequate proxies for robustness. In this work, we investigate the relationship between a model's effective dimensionality, which can be thought of as model complexity, and its robustness properties. We run experiments on commercial-scale models that are often used in real-world environments such as YOLO and ResNet. We reveal a near-linear inverse relationship between effective dimensionality and adversarial robustness, that is models with a lower dimensionality exhibit better robustness. We investigate the effect of a variety of adversarial training methods on effective dimensionality and find the same inverse linear relationship present, suggesting that effective dimensionality can serve as a useful criterion for model selection and robustness evaluation, providing a more nuanced and effective metric than parameter count or previously-tested measures.