Accéder directement au contenu Accéder directement à la navigation
Pré-publication, Document de travail

Canonical foliations of neural networks: application to robustness

Abstract : Adversarial attack is an emerging threat to the trustability of machine learning. Understanding these attacks is becoming a crucial task. We propose a new vision on neural network robustness using Riemannian geometry and foliation theory, and create a new adversarial attack by taking into account the curvature of the data space. This new adversarial attack called the "dog-leg attack" is a two-step approximation of a geodesic in the data space. The data space is treated as a (pseudo) Riemannian manifold equipped with the pullback of the Fisher Information Metric (FIM) of the neural network. In most cases, this metric is only semi-definite and its kernel becomes a central object to study. A canonical foliation is derived from this kernel. The curvature of the foliation's leaves gives the appropriate correction to get a two-step approximation of the geodesic and hence a new efficient adversarial attack. Our attack is tested on a toy example, a neural network trained to mimic the Xor function, and demonstrates better results that the state of the art attack presented by Zhao et al. (2019).
Liste complète des métadonnées
Contributeur : Nicolas COUELLAN Connectez-vous pour contacter le contributeur
Soumis le : mercredi 2 mars 2022 - 09:21:42
Dernière modification le : lundi 4 juillet 2022 - 10:25:57
Archivage à long terme le : : mardi 31 mai 2022 - 18:29:21


Fichiers produits par l'(les) auteur(s)


  • HAL Id : hal-03593479, version 1


Eliot Tron, Nicolas Couellan, Stéphane Puechmorel. Canonical foliations of neural networks: application to robustness. 2022. ⟨hal-03593479⟩



Consultations de la notice


Téléchargements de fichiers