Relationship between manifold smoothness and adversarial vulnerability in deep learning with local errors

doi:10.1088/1674-1056/abd68e

Abstract Artificial neural networks can achieve impressive performances, and even outperform humans in some specific tasks. Nevertheless, unlike biological brains, the artificial neural networks suffer from tiny perturbations in sensory input, under various kinds of adversarial attacks. It is therefore necessary to study the origin of the adversarial vulnerability. Here, we establish a fundamental relationship between geometry of hidden representations (manifold perspective) and the generalization capability of the deep networks. For this purpose, we choose a deep neural network trained by local errors, and then analyze emergent properties of the trained networks through the manifold dimensionality, manifold smoothness, and the generalization capability. To explore effects of adversarial examples, we consider independent Gaussian noise attacks and fast-gradient-sign-method (FGSM) attacks. Our study reveals that a high generalization accuracy requires a relatively fast power-law decay of the eigen-spectrum of hidden representations. Under Gaussian attacks, the relationship between generalization accuracy and power-law exponent is monotonic, while a non-monotonic behavior is observed for FGSM attacks. Our empirical study provides a route towards a final mechanistic interpretation of adversarial vulnerability under adversarial attacks.

Keywords: neural networks learning

Received: 09 July 2020
Revised: 09 December 2020
Accepted manuscript online: 24 December 2020

PACS:	87.18.Sn	(Neural networks and synaptic communication)
	87.19.lv	(Learning and memory)

Fund: Project supported by the National Key R&D Program of China (Grant No. 2019YFA0706302), the start-up budget 74130-18831109 of the 100-talent-program of Sun Yat-sen University, and the National Natural Science Foundation of China (Grant No. 11805284).

Corresponding Authors: ^†Corresponding author. E-mail: huanghp7@mail.sysu.edu.cn

Cite this article:

Zijian Jiang(蒋子健), Jianwen Zhou(周健文), and Haiping Huang(黄海平) Relationship between manifold smoothness and adversarial vulnerability in deep learning with local errors 2021 Chin. Phys. B 30 048702

1 Goodfellow I, Bengio Y and Courville A2016 Deep Learning (Cambridge, MA: MIT Press)
2 Carlini N and Wagner D 2017 IEEE Symposium on Security and Privacy (SP), pp. 39-57
3 Su J W, Vargas D V and Sakurai K 2019 IEEE Transactions on Evolutionary Computation 23 828
4 Zhou Z L and Firestone C 2019 Nat. Commun. 10 1334
5 Stringer C, Pachitariu M, Steinmetz N, Carandini M and Harris K D 2019 Nature 571 361
6 Mostafa H, Ramesh V and Cauwenberghs G 2018 Frontiers in Neuroscience 12 608
7 Lillicrap T P, Santoro A, Marris L, Akerman C J and Hinton G 2020 Nature Reviews Neuroscience 21 335
8 Yamins D L K and DiCarlo J 2016 Nat. Neurosci. 19 356
9 Lecun Y, Bottou L, Bengio Y and Haffner P 1998 Proc. IEEE 86 2278
10 Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I and Fergus R 2014 International Conference on Learning Representations (ICLR)
11 Goodfellow I, Shlens J and Szegedy C 2015 International Conference on Learning Representations (ICLR)
12 Huang H P 2018 Phys. Rev. E 98 062313
13 Zhou J W and Huang H P 2021 Phys. Rev. E 103 012315

[1]	Prediction of lattice thermal conductivity with two-stage interpretable machine learning Jinlong Hu(胡锦龙), Yuting Zuo(左钰婷), Yuzhou Hao(郝昱州), Guoyu Shu(舒国钰), Yang Wang(王洋), Minxuan Feng(冯敏轩), Xuejie Li(李雪洁), Xiaoying Wang(王晓莹), Jun Sun(孙军), Xiangdong Ding(丁向东), Zhibin Gao(高志斌), Guimei Zhu(朱桂妹), Baowen Li(李保文). Chin. Phys. B, 2023, 32(4): 046301.
[2]	Meshfree-based physics-informed neural networks for the unsteady Oseen equations Keyi Peng(彭珂依), Jing Yue(岳靖), Wen Zhang(张文), and Jian Li(李剑). Chin. Phys. B, 2023, 32(4): 040208.
[3]	The coupled deep neural networks for coupling of the Stokes and Darcy-Forchheimer problems Jing Yue(岳靖), Jian Li(李剑), Wen Zhang(张文), and Zhangxin Chen(陈掌星). Chin. Phys. B, 2023, 32(1): 010201.
[4]	Variational quantum simulation of thermal statistical states on a superconducting quantum processer Xue-Yi Guo(郭学仪), Shang-Shu Li(李尚书), Xiao Xiao(效骁), Zhong-Cheng Xiang(相忠诚), Zi-Yong Ge(葛自勇), He-Kang Li(李贺康), Peng-Tao Song(宋鹏涛), Yi Peng(彭益), Zhan Wang(王战), Kai Xu(许凯), Pan Zhang(张潘), Lei Wang(王磊), Dong-Ning Zheng(郑东宁), and Heng Fan(范桁). Chin. Phys. B, 2023, 32(1): 010307.
[5]	Deep-learning-based cryptanalysis of two types of nonlinear optical cryptosystems Xiao-Gang Wang(汪小刚) and Hao-Yu Wei(魏浩宇). Chin. Phys. B, 2022, 31(9): 094202.
[6]	Exploring fundamental laws of classical mechanics via predicting the orbits of planets based on neural networks Jian Zhang(张健), Yiming Liu(刘一鸣), and Zhanchun Tu(涂展春). Chin. Phys. B, 2022, 31(9): 094502.
[7]	Hyperparameter on-line learning of stochastic resonance based threshold networks Weijin Li(李伟进), Yuhao Ren(任昱昊), and Fabing Duan(段法兵). Chin. Phys. B, 2022, 31(8): 080503.
[8]	Machine learning potential aided structure search for low-lying candidates of Au clusters Tonghe Ying(应通和), Jianbao Zhu(朱健保), and Wenguang Zhu(朱文光). Chin. Phys. B, 2022, 31(7): 078402.
[9]	Pulse coding off-chip learning algorithm for memristive artificial neural network Ming-Jian Guo(郭明健), Shu-Kai Duan(段书凯), and Li-Dan Wang(王丽丹). Chin. Phys. B, 2022, 31(7): 078702.
[10]	Data-driven modeling of a four-dimensional stochastic projectile system Yong Huang(黄勇) and Yang Li(李扬). Chin. Phys. B, 2022, 31(7): 070501.
[11]	Development of an electronic stopping power model based on deep learning and its application in ion range prediction Xun Guo(郭寻), Hao Wang(王浩), Changkai Li(李长楷),Shijun Zhao(赵仕俊), Ke Jin(靳柯), and Jianming Xue(薛建明). Chin. Phys. B, 2022, 31(7): 073402.
[12]	Data-driven parity-time-symmetric vector rogue wave solutions of multi-component nonlinear Schrödinger equation Li-Jun Chang(常莉君), Yi-Fan Mo(莫一凡), Li-Ming Ling(凌黎明), and De-Lu Zeng(曾德炉). Chin. Phys. B, 2022, 31(6): 060201.
[13]	Quantum algorithm for neighborhood preserving embedding Shi-Jie Pan(潘世杰), Lin-Chun Wan(万林春), Hai-Ling Liu(刘海玲), Yu-Sen Wu(吴宇森), Su-Juan Qin(秦素娟), Qiao-Yan Wen(温巧燕), and Fei Gao(高飞). Chin. Phys. B, 2022, 31(6): 060304.
[14]	Evaluation of performance of machine learning methods in mining structure—property data of halide perovskite materials Ruoting Zhao(赵若廷), Bangyu Xing(邢邦昱), Huimin Mu(穆慧敏), Yuhao Fu(付钰豪), and Lijun Zhang(张立军). Chin. Phys. B, 2022, 31(5): 056302.
[15]	Fringe removal algorithms for atomic absorption images: A survey Gaoyi Lei(雷高益), Chencheng Tang(唐陈成), and Yueyang Zhai(翟跃阳). Chin. Phys. B, 2022, 31(5): 050313.

No Suggested Reading articles found!

Viewed

Full text

Abstract

Cited

Metrics
Related Articles

Relationship between manifold smoothness and adversarial vulnerability in deep learning with local errors

Cite this article:

Online attention