Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Adversarial attacks via backward error analysis

Abstract : Backward error (BE) analysis was developed and popularized by James Wilkinson in the 1950s and 1960s, with origins in the works of Neumann and Goldstine (1947) and Turing (1948). It is a fundamental notion used in numerical linear algebra software, both as a theoretical and a practical tool for the rounding error analysis of numerical algorithms. Broadly speaking the backward error quantifies, in terms of perturbation of input data, by how much the output of an algorithm fails to be equal to an expected quantity. For a given computed solution y, this amounts to computing the norm of the smallest perturbation ∆x of the input data x such that y is an exact solution of a perturbed system: f (x + ∆x) = y. Up to now, BE analysis has been applied to numerous linear algebra problems, always with the objective of quantifying the robustness of algebraic processes with respect to rounding errors stemming from finite precision computations. While deep neural networks (DNN) have achieved an unprecedented success in numerous machine learning tasks in various domains, their robustness to adversarial attacks, rounding errors, or quantization processes has raised considerable concerns from the machine learning community. In this work, we generalize BE analysis to DNN. This enables us to obtain closed formulas and a numerical algorithm for computing adversarial attacks. By construction, these attacks are optimal, and thereby smaller, in norm, than perturbations obtained with existing gradient-based approaches. We produce numerical results that support our theoretical findings and illustrate the relevance of our approach on well-known datasets.
Complete list of metadata

https://hal-univ-tlse3.archives-ouvertes.fr/hal-03296180
Contributor : Théo Beuzeville Connect in order to contact the contributor
Submitted on : Thursday, July 22, 2021 - 4:08:46 PM
Last modification on : Tuesday, November 16, 2021 - 4:21:19 AM
Long-term archiving on: : Saturday, October 23, 2021 - 7:01:42 PM

File

Adversarial_BE.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03296180, version 1

Citation

Théo Beuzeville, Pierre Boudier, Alfredo Buttari, Serge Gratton, Théo Mary, et al.. Adversarial attacks via backward error analysis. 2021. ⟨hal-03296180⟩

Share

Metrics

Record views

123

Files downloads

58