Enhancing generalization in high energy physics using white-box adversarial attacks
Franck Rothen, Samuel Klein, Matthew Leigh, Tobias Golling

TL;DR
This paper investigates how white-box adversarial attacks can improve the generalization of machine learning models in high energy physics, especially in classifying Higgs boson decay signals, by reducing overfitting to simulation artifacts.
Contribution
It introduces the application of four white-box adversarial attack methods to enhance model generalization in particle physics classification tasks.
Findings
White-box adversarial attacks improve model generalization performance.
Adversarial attacks increase computational complexity.
Analysis methods effectively quantify local minima sharpness.
Abstract
Machine learning is becoming increasingly popular in the context of particle physics. Supervised learning, which uses labeled Monte Carlo (MC) simulations, remains one of the most widely used methods for discriminating signals beyond the Standard Model. However, this paper suggests that supervised models may depend excessively on artifacts and approximations from Monte Carlo simulations, potentially limiting their ability to generalize well to real data. This study aims to enhance the generalization properties of supervised models by reducing the sharpness of local minima. It reviews the application of four distinct white-box adversarial attacks in the context of classifying Higgs boson decay signals. The attacks are divided into weight-space attacks and feature-space attacks. To study and quantify the sharpness of different local minima, this paper presents two analysis methods:…
Taxonomy
Topics: Cryptographic Implementations and Security · Physical Unclonable Functions (PUFs) and Hardware Security · Bacillus and Francisella bacterial research
