Adversarial Robustness Guarantees for Random Deep Neural Networks

• dc.contributor.author: De Palma, Giacomo
• dc.contributor.author: Kiani, Bobak T
• dc.contributor.author: Lloyd, Seth
• dc.date.issued: 2021
• dc.identifier.uri: https://hdl.handle.net/1721.1/138868
• dc.description.abstract: The reliability of deep learning algorithms is fundamentally challenged by the existence of adversarial examples, which are incorrectly classified inputs that are extremely close to a correctly classified input. We explore the properties of adversarial examples for deep neural networks with random weights and biases, and prove that for any p≥1, the \ell^p distance of any given input from the classification boundary scales as one over the square root of the dimension of the input times the \ell^p norm of the input. The results are based on the recently proved equivalence between Gaussian processes and deep neural networks in the limit of infinite width of the hidden layers, and are validated with experiments on both random deep neural networks and deep neural networks trained on the MNIST and CIFAR10 datasets. The results constitute a fundamental advance in the theoretical understanding of adversarial examples, and open the way to a thorough theoretical characterization of the relation between network architecture and robustness to adversarial perturbations.
• dc.language.iso: en
• dc.relation.isversionof: https://proceedings.mlr.press/v139/de-palma21a.html
• dc.source: Proceedings of Machine Learning Research
• dc.type: Article
• dc.identifier.citation: De Palma, Giacomo, Kiani, Bobak T and Lloyd, Seth. 2021. "Adversarial Robustness Guarantees for Random Deep Neural Networks." INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 139, 139.
• dc.relation.journal: INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 139
• dc.eprint.version: Final published version
• mit.journal.volume: 139