Mappings, dimensionality and reversing out of deep neural networks

IF 1.4 4区数学 Q2 MATHEMATICS, APPLIED IMA Journal of Applied Mathematics Pub Date : 2023-06-23 DOI:10.1093/imamat/hxad019

Zhaofang Cui, P. Grindrod

引用次数: 1

Abstract

We consider a large cloud of vectors formed at each layer of a standard neural network, corresponding to a large number of separate inputs which were presented independently to the classifier. Although the embedding dimension (the total possible degrees of freedom) reduces as we pass through successive layers, from input to output, the actual dimensionality of the point clouds that the layers contain does not necessarily reduce. We argue that this phenomenon may result in a vulnerability to (universal) adversarial attacks (which are small specific perturbations). This analysis requires us to estimate the intrinsic dimension of point clouds (with values between 20 and 200) within embedding spaces of dimension 1000 up to 800,000. This needs some care. If the cloud dimension actually increases from one layer to the next it implies there is some ‘volume filling’ over-folding, and thus there exist possible small directional perturbations in the latter space that are equivalent to shifting large distances within the former space, thus inviting possibility of universal and imperceptible attacks.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

深度神经网络的映射、维数和反转

我们考虑在标准神经网络的每一层形成的大量向量云，对应于大量独立呈现给分类器的单独输入。虽然嵌入维度(总可能的自由度)随着我们通过连续的层而减少，从输入到输出，层中包含的点云的实际维度并不一定会减少。我们认为，这种现象可能导致易受(普遍的)对抗性攻击(这是小的特定扰动)。这种分析要求我们在1000维到80万维的嵌入空间中估计点云(值在20到200之间)的内在维数。这需要小心点。如果云维度实际上从一层增加到下一层，这意味着存在一些“体积填充”的过度折叠，因此在后一层空间中可能存在小的方向性扰动，相当于在前一层空间中移动了很长的距离，从而引发了普遍和难以察觉的攻击的可能性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IMA Journal of Applied Mathematics 数学-应用数学

CiteScore

2.30

自引率

8.30%

发文量

审稿时长

24 months

期刊介绍： The IMA Journal of Applied Mathematics is a direct successor of the Journal of the Institute of Mathematics and its Applications which was started in 1965. It is an interdisciplinary journal that publishes research on mathematics arising in the physical sciences and engineering as well as suitable articles in the life sciences, social sciences, and finance. Submissions should address interesting and challenging mathematical problems arising in applications. A good balance between the development of the application(s) and the analysis is expected. Papers that either use established methods to address solved problems or that present analysis in the absence of applications will not be considered. The journal welcomes submissions in many research areas. Examples are: continuum mechanics materials science and elasticity, including boundary layer theory, combustion, complex flows and soft matter, electrohydrodynamics and magnetohydrodynamics, geophysical flows, granular flows, interfacial and free surface flows, vortex dynamics; elasticity theory; linear and nonlinear wave propagation, nonlinear optics and photonics; inverse problems; applied dynamical systems and nonlinear systems; mathematical physics; stochastic differential equations and stochastic dynamics; network science; industrial applications.