Enforcing Fundamental Relations via Adversarial Attacks on Input Parameter Correlations

TL;DR

This paper introduces RDSA, a novel adversarial attack focusing on input feature correlations, which enhances classification robustness across diverse scientific and real-world datasets.

Contribution

The paper presents RDSA, an adversarial attack that targets feature correlations, improving data augmentation and adversarial training effectiveness in various classification tasks.

Findings

RDSA significantly improves classification performance.

Effective across multiple domains including physics and healthcare.

Enhances robustness through correlation-focused adversarial examples.

Abstract

Correlations between input parameters play a crucial role in many scientific classification tasks, since these are often related to fundamental laws of nature. For example, in high energy physics, one of the common deep learning use-cases is the classification of signal and background processes in particle collisions. In many such cases, the fundamental principles of the correlations between observables are often better understood than the actual distributions of the observables themselves. In this work, we present a new adversarial attack algorithm called Random Distribution Shuffle Attack (RDSA), emphasizing the correlations between observables in the network rather than individual feature characteristics. Correct application of the proposed novel attack can result in a significant improvement in classification performance - particularly in the context of data augmentation - when using the generated adversaries within adversarial training. Given that correlations between input features are also crucial in many other disciplines. We demonstrate the RDSA effectiveness on six classification tasks, including two particle collision challenges (using CERN Open Data), hand-written digit recognition (MNIST784), human activity recognition (HAR), weather forecasting (Rain in Australia), and ICU patient mortality (MIMIC-IV), demonstrating a general use case beyond fundamental physics for this new type of adversarial attack algorithms.