A single gradient step finds adversarial examples on random two-layers neural networksDownload PDF

21 May 2021, 20:48 (edited 27 Oct 2021)NeurIPS 2021 SpotlightReaders: Everyone
  • Keywords: adversarial examples, random neural networks, deep-learning theory
  • TL;DR: We prove that a single gradient step finds adversarial examples on random two-layers neural networks.
  • Abstract: Daniely and Schacham recently showed that gradient descent finds adversarial examples on random undercomplete two-layers ReLU neural networks. The term “undercomplete” refers to the fact that their proof only holds when the number of neurons is a vanishing fraction of the ambient dimension. We extend their result to the overcomplete case, where the number of neurons is larger than the dimension (yet also subexponential in the dimension). In fact we prove that a single step of gradient descent suffices. We also show this result for any subexponential width random neural network with smooth activation function.
  • Supplementary Material: pdf
  • Code Of Conduct: I certify that all co-authors of this work have read and commit to adhering to the NeurIPS Statement on Ethics, Fairness, Inclusivity, and Code of Conduct.
9 Replies

Loading