HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

The Vulnerability of Learning to Adversarial Perturbation Increases with Intrinsic Dimensionality

Abstract : Recent research has shown that machine learning systems, including state-of-the-art deep neural networks, are vulnerable to adversarial attacks. By adding to the input object an imperceptible amount of adversarial noise, it is highly likely that the classifier can be tricked into assigning the modified object to any desired class. It has also been observed that these adversarial samples generalize well across models. A complete understanding of the nature of adversarial samples has not yet emerged. Towards this goal, we present a novel theoretical result formally linking the adversarial vulnerability of learning to the intrinsic dimensionality of the data. In particular, our investigation establishes that as the local intrinsic dimensionality (LID) increases, 1-NN classifiers become increasingly prone to being subverted. We show that in expectation, a k-nearest neighbor of a test point can be transformed into its 1-nearest neighbor by adding an amount of noise that diminishes as the LID increases. We also provide an experimental validation of the impact of LID on adversarial perturbation for both synthetic and real data, and discuss the implications of our result for general classifiers.
Complete list of metadata

Cited literature [25 references]  Display  Hide  Download

Contributor : Laurent Amsaleg Connect in order to contact the contributor
Submitted on : Monday, October 2, 2017 - 4:02:03 PM
Last modification on : Friday, April 8, 2022 - 4:08:03 PM


  • HAL Id : hal-01599355, version 1


Laurent Amsaleg, James Bailey, Dominique Barbe, Sarah Erfani, Michael Houle, et al.. The Vulnerability of Learning to Adversarial Perturbation Increases with Intrinsic Dimensionality. WIFS 2017 - 9th IEEE International Workshop on Information Forensics and Security, Dec 2017, Rennes, France. ⟨hal-01599355⟩



Record views


Files downloads