Adversarial attacks via backward error analysis - Algorithmes Parallèles et Optimisation
Preprint, Working Paper. Year: 2021

Adversarial attacks via backward error analysis

Pierre Boudier
  • Role: Author
  • PersonId: 1106147
Alfredo Buttari
Serge Gratton
Théo Mary
Stéphane Pralet
  • Role: Author
  • PersonId: 1106148

Abstract

Backward error (BE) analysis was developed and popularized by James Wilkinson in the 1950s and 1960s, with origins in the works of Neumann and Goldstine (1947) and Turing (1948). It is a fundamental notion used in numerical linear algebra software, both as a theoretical and a practical tool for the rounding error analysis of numerical algorithms. Broadly speaking, the backward error quantifies, in terms of perturbation of input data, by how much the output of an algorithm fails to be equal to an expected quantity. For a given computed solution y, this amounts to computing the norm of the smallest perturbation ∆x of the input data x such that y is an exact solution of a perturbed system: f(x + ∆x) = y. Up to now, BE analysis has been applied to numerous linear algebra problems, always with the objective of quantifying the robustness of algebraic processes with respect to rounding errors stemming from finite precision computations. While deep neural networks (DNN) have achieved unprecedented success in numerous machine learning tasks in various domains, their robustness to adversarial attacks, rounding errors, or quantization processes has raised considerable concerns from the machine learning community. In this work, we generalize BE analysis to DNN. This enables us to obtain closed formulas and a numerical algorithm for computing adversarial attacks. By construction, these attacks are optimal, and thereby smaller, in norm, than perturbations obtained with existing gradient-based approaches. We produce numerical results that support our theoretical findings and illustrate the relevance of our approach on well-known datasets.
Main file
Adversarial_BE.pdf (618.27 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03296180, version 1 (22-07-2021)
hal-03296180, version 2 (07-12-2021)
hal-03296180, version 3 (09-12-2021)

Identifiers

  • HAL Id: hal-03296180, version 1

Cite

Théo Beuzeville, Pierre Boudier, Alfredo Buttari, Serge Gratton, Théo Mary, et al. Adversarial attacks via backward error analysis. 2021. ⟨hal-03296180v1⟩
668 Views
222 Downloads