Modeling and Eliminating Adversarial Examples using Function Theory of Several Complex Variables
Keywords: adversarial examples, learning theory, robust training, complex analysis
Abstract: The reliability of a learning model is key to the successful deployment of machine learning in various industries. Training a robust model, unaffected by adversarial attacks, requires a comprehensive understanding of the adversarial examples phenomenon. This paper presents a model and a solution for the existence and transfer of adversarial examples in analytic hypotheses. Grounded in the function theory of several complex variables, we propose the class of complex-valued holomorphic hypotheses as a natural way to represent the submanifold of the samples and the decision boundary simultaneously. To describe the mechanism in which the adversarial examples occur and transfer, we specialize the definitions of the optimal Bayes and the maximum margin classifiers to this class of hypotheses. The approach is validated initially on both synthetic and real-world classification problems using polynomials. Backed by theoretical and experimental results, we believe the analysis to apply to other classes of analytic hypotheses such as neural networks.
One-sentence Summary: We provide an analysis of the adversarial examples phenomenon, explaining existence and transfer of these samples and propose a solution to mitigate its effects.
Supplementary Material: zip
12 Replies
Loading