Papers
Topics
Authors
Recent
2000 character limit reached

Complexity Matters: Effective Dimensionality as a Measure for Adversarial Robustness (2410.18556v1)

Published 24 Oct 2024 in cs.LG, cs.AI, and cs.CR

Abstract: Quantifying robustness in a single measure for the purposes of model selection, development of adversarial training methods, and anticipating trends has so far been elusive. The simplest metric to consider is the number of trainable parameters in a model but this has previously been shown to be insufficient at explaining robustness properties. A variety of other metrics, such as ones based on boundary thickness and gradient flatness have been proposed but have been shown to be inadequate proxies for robustness. In this work, we investigate the relationship between a model's effective dimensionality, which can be thought of as model complexity, and its robustness properties. We run experiments on commercial-scale models that are often used in real-world environments such as YOLO and ResNet. We reveal a near-linear inverse relationship between effective dimensionality and adversarial robustness, that is models with a lower dimensionality exhibit better robustness. We investigate the effect of a variety of adversarial training methods on effective dimensionality and find the same inverse linear relationship present, suggesting that effective dimensionality can serve as a useful criterion for model selection and robustness evaluation, providing a more nuanced and effective metric than parameter count or previously-tested measures.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (33)
  1. Adversarial robustness limits via scaling-law and human-alignment studies, 2024. URL https://arxiv.org/abs/2404.09349.
  2. Nicholas Carlini. Cutting through buggy adversarial example defenses: fixing 1 line of code breaks sabre, 2024. URL https://arxiv.org/abs/2405.03672.
  3. Unlabeled data improves adversarial robustness, 2022. URL https://arxiv.org/abs/1905.13736.
  4. Minimally distorted adversarial examples with a fast adaptive boundary attack, 2020a. URL https://arxiv.org/abs/1907.02044.
  5. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks, 2020b. URL https://arxiv.org/abs/2003.01690.
  6. Robustbench: a standardized adversarial robustness benchmark, 2021. URL https://arxiv.org/abs/2010.09670.
  7. Scaling compute is not all you need for adversarial robustness, 2023. URL https://arxiv.org/abs/2312.13131.
  8. Imagenet: A large-scale hierarchical image database. In 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp.  248–255, 2009. doi: 10.1109/CVPR.2009.5206848.
  9. Sabre: Cutting through adversarial noise with adaptive spectral filtering and input reconstruction. 2024 IEEE Symposium on Security and Privacy (SP), pp. 2901–2919, 2024. URL https://api.semanticscholar.org/CorpusID:266524972.
  10. Efficient and accurate estimation of lipschitz constants for deep neural networks, 2023. URL https://arxiv.org/abs/1906.04893.
  11. Adversarial examples are a natural consequence of test error in noise, 2019. URL https://arxiv.org/abs/1901.10513.
  12. Predicting generalization with degrees of freedom in neural networks. In ICML 2022 2nd AI for Science Workshop, 2022. URL https://openreview.net/forum?id=_Qaz9ZZSIHc.
  13. Deep residual learning for image recognition, 2015. URL https://arxiv.org/abs/1512.03385.
  14. Multilayer feedforward networks are universal approximators. Neural Networks, 2(5):359–366, 1989. ISSN 0893-6080. doi: https://doi.org/10.1016/0893-6080(89)90020-8. URL https://www.sciencedirect.com/science/article/pii/0893608089900208.
  15. Exploring scaling trends in llm robustness, 2024. URL https://arxiv.org/abs/2407.18213.
  16. Hoki Kim. Torchattacks: A pytorch repository for adversarial attacks. arXiv preprint arXiv:2010.01950, 2020.
  17. Fantastic robustness measures: The secrets of robust generalization. In Thirty-seventh Conference on Neural Information Processing Systems, 2023. URL https://openreview.net/forum?id=AGVBqJuL0T.
  18. Alex Krizhevsky. Learning multiple layers of features from tiny images. 2009. URL https://api.semanticscholar.org/CorpusID:18268744.
  19. David MacKay. Bayesian model comparison and backprop nets. In J. Moody, S. Hanson, and R.P. Lippmann (eds.), Advances in Neural Information Processing Systems, volume 4. Morgan-Kaufmann, 1991. URL https://proceedings.neurips.cc/paper_files/paper/1991/file/c3c59e5f8b3e9753913f4d435b53c308-Paper.pdf.
  20. David J. C. MacKay. Bayesian Interpolation. Neural Computation, 4(3):415–447, 05 1992. ISSN 0899-7667. doi: 10.1162/neco.1992.4.3.415. URL https://doi.org/10.1162/neco.1992.4.3.415.
  21. Rethinking parameter counting in deep models: Effective dimensionality revisited, 2020. URL https://arxiv.org/abs/2003.02139.
  22. Towards deep learning models resistant to adversarial attacks, 2019. URL https://arxiv.org/abs/1706.06083.
  23. Overfitting in adversarially robust deep learning, 2020. URL https://arxiv.org/abs/2002.11569.
  24. Adversarial training for free!, 2019. URL https://arxiv.org/abs/1904.12843.
  25. Relating adversarially robust generalization to flat minima, 2021. URL https://arxiv.org/abs/2104.04448.
  26. A.i. robustness: a human-centered perspective on technological challenges and opportunities, 2022. URL https://arxiv.org/abs/2210.08906.
  27. Yolov8: A novel object detection algorithm with enhanced performance and robustness. In 2024 International Conference on Advances in Data Engineering and Intelligent Computing Systems (ADICS), pp.  1–6, 2024. doi: 10.1109/ADICS58448.2024.10533619.
  28. Improving adversarial robustness requires revisiting misclassified examples. In International Conference on Learning Representations, 2020. URL https://openreview.net/forum?id=rklOg6EFwS.
  29. Adversarial weight perturbation helps robust generalization, 2020. URL https://arxiv.org/abs/2004.05884.
  30. A closer look at accuracy vs. robustness, 2020. URL https://arxiv.org/abs/2003.02460.
  31. Boundary thickness and robustness in learning models, 2021. URL https://arxiv.org/abs/2007.05086.
  32. Theoretically principled trade-off between robustness and accuracy, 2019. URL https://arxiv.org/abs/1901.08573.
  33. Shufflenet: An extremely efficient convolutional neural network for mobile devices, 2017. URL https://arxiv.org/abs/1707.01083.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now

Whiteboard

Video Overview

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up