Abstract
In recent scientific literature, some studies have been published in which recognition rates obtained with Deep Learning (DL) surpass those obtained by humans on the same task. In contrast, other studies have shown that DL networks exhibit somewhat strange behavior that is very different from human responses when confronted with the same task. The case of the so-called “adversarial examples” is perhaps the best example in this regard. Despite the biological plausibility of neural networks, the fact that they can produce such implausible misclassifications still points to a fundamental difference between human and machine learning. This paper delves into the possible causes of this intriguing phenomenon. We first contend that, if adversarial examples point to an implausibility, it is because our perception of them relies on our capability to recognise the classes of the images. For this reason we focus on what we call cognitively adversarial examples, which are those obtained from samples that the classifier can in fact recognise correctly. Additionally, in this paper we argue that the phenomenon of adversarial examples is rooted in the inescapable trade-off that exists in machine learning (including DL) between fitting and generalization. This hypothesis is supported by experiments in which the robustness to adversarial examples is measured with respect to the degree of fitting to the training samples.
Notes
1. Airplane, automobile, bird, cat, deer, dog, frog, horse, ship and truck.
Acknowledgments
This work was partially funded by projects TIN2017-82113-C2-2-R by the Spanish Ministry of Economy and Business and SBPLY/17/180501/000543 by the Autonomous Government of Castilla-La Mancha and the ERDF.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Deniz, O., Vallez, N., Bueno, G. (2019). Adversarial Examples are a Manifestation of the Fitting-Generalization Trade-off. In: Rojas, I., Joya, G., Catala, A. (eds) Advances in Computational Intelligence. IWANN 2019. Lecture Notes in Computer Science, vol 11506. Springer, Cham. https://doi.org/10.1007/978-3-030-20521-8_47
DOI: https://doi.org/10.1007/978-3-030-20521-8_47
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20520-1
Online ISBN: 978-3-030-20521-8
eBook Packages: Computer Science, Computer Science (R0)