Timezone: »
Despite achieving impressive performance, state-of-the-art classifiers remain highly vulnerable to small, imperceptible, adversarial perturbations. This vulnerability has proven empirically to be very intricate to address. In this paper, we study the phenomenon of adversarial perturbations under the assumption that the data is generated with a smooth generative model. We derive fundamental upper bounds on the robustness to perturbations of any classification function, and prove the existence of adversarial perturbations that transfer well across different classifiers with small risk. Our analysis of the robustness also provides insights onto key properties of generative models, such as their smoothness and dimensionality of latent space. We conclude with numerical experimental results showing that our bounds provide informative baselines to the maximal achievable robustness on several datasets.
Author Information
Alhussein Fawzi (DeepMind)
Hamza Fawzi (University of Cambridge)
Omar Fawzi (ENS Lyon)
More from the Same Authors
-
2021 Spotlight: Sequential Algorithms for Testing Closeness of Distributions »
Aadil Oufkir · Omar Fawzi · Nicolas Flammarion · AurĂ©lien Garivier -
2021 Poster: Sequential Algorithms for Testing Closeness of Distributions »
Aadil Oufkir · Omar Fawzi · Nicolas Flammarion · AurĂ©lien Garivier -
2021 Poster: Faster proximal algorithms for matrix optimization using Jacobi-based eigenvalue methods »
Hamza Fawzi · Harry Goulbourne -
2019 Poster: Are Labels Required for Improving Adversarial Robustness? »
Jean-Baptiste Alayrac · Jonathan Uesato · Po-Sen Huang · Alhussein Fawzi · Robert Stanforth · Pushmeet Kohli -
2019 Poster: Adversarial Robustness through Local Linearization »
Chongli Qin · James Martens · Sven Gowal · Dilip Krishnan · Krishnamurthy Dvijotham · Alhussein Fawzi · Soham De · Robert Stanforth · Pushmeet Kohli -
2019 Poster: Learning dynamic polynomial proofs »
Alhussein Fawzi · Mateusz Malinowski · Hamza Fawzi · Omar Fawzi -
2019 Spotlight: Learning dynamic polynomial proofs »
Alhussein Fawzi · Mateusz Malinowski · Hamza Fawzi · Omar Fawzi