On The Relationship Between Universal Adversarial Attacks And Sparse Representations

November 14, 2023 · Entered Twilight · 🏛 IEEE Open Journal of Signal Processing

Repo contents: .DS_Store, README.md, attack_accuracy, attacks, checkpoints, correlations, evaluate_DA_on_classification.py, evaluate_DA_on_sparse_coding.py, hist_delta_energy.py, load_corrs_and_plot.py, models, requirements.txt, scatter_plot_attack_delta_sc.py, train_sparse_coders, utils.py

Authors Dana Weitzner, Raja Giryes arXiv ID 2311.08265 Category cs.CV: Computer Vision Cross-listed cs.AI Citations 0 Venue IEEE Open Journal of Signal Processing Repository https://github.com/danawr/adversarial_attacks_and_sparse_representations ⭐ 1 Last Checked 3 months ago

Abstract

The prominent success of neural networks, mainly in computer vision tasks, is increasingly shadowed by their sensitivity to small, barely perceivable adversarial perturbations in image input. In this work, we aim at explaining this vulnerability through the framework of sparsity. We show the connection between adversarial attacks and sparse representations, with a focus on explaining the universality and transferability of adversarial examples in neural networks. To this end, we show that sparse coding algorithms, and the neural network-based learned iterative shrinkage thresholding algorithm (LISTA) among them, suffer from this sensitivity, and that common attacks on neural networks can be expressed as attacks on the sparse representation of the input image. The phenomenon that we observe holds true also when the network is agnostic to the sparse representation and dictionary, and thus can provide a possible explanation for the universality and transferability of adversarial attacks. The code is available at https://github.com/danawr/adversarial_attacks_and_sparse_representations.