Conference proceeding
Derivation of Information-Theoretically Optimal Adversarial Attacks with Applications to Robust Machine Learning
Conference record - Asilomar Conference on Signals, Systems, & Computers, pp.183-187
10/27/2024
DOI: 10.1109/IEEECONF60004.2024.10942758
Abstract
We address the theoretical problem of designing an optimal adversarial attack on a decision system to maximize the degradation in system performance, as measured by the mutual information between the degraded signal and the target label. Motivated by adversarial examples in machine learning classifiers, we use an information-theoretic approach to establish conditions under which adversarial vulnerability is inevitable. We derive optimal adversarial attacks for both discrete and continuous signals and demonstrate that minimizing mutual information becomes significantly harder when multiple redundant copies of the input signal are available. This finding supports the "feature compression" hypothesis as a basis for the adversarial vulnerability of deep learning classifiers. We also present computational results validating our theoretical findings.
Details
- Title: Subtitle
- Derivation of Information-Theoretically Optimal Adversarial Attacks with Applications to Robust Machine Learning
- Creators
- Jirong Yi (University of Iowa); Raghu Mudumbai (University of Iowa); Weiyu Xu (University of Iowa)
- Resource Type
- Conference proceeding
- Publication Details
- Conference record - Asilomar Conference on Signals, Systems, & Computers, pp.183-187
- DOI
- 10.1109/IEEECONF60004.2024.10942758
- eISSN
- 2576-2303
- Publisher
- IEEE
- Language
- English
- Date published
- 10/27/2024
- Academic Unit
- Electrical and Computer Engineering
- Record Identifier
- 9984808279202771