Bibliographic details
Rambau, Jörg; Richter, Rónán R. C.: Towards robust adversarial examples for deep neural networks. Bayreuth, 2025. 18 pages. (Special Issue Dedicated to the 70th birthday of Professor Tamás Terlaky)
DOI: https://doi.org/10.15495/EPub_UBT_00008704
Abstract
In this paper, we show two methods to compute sampling-robust adversarial examples (AEs) for deep neural networks with rectilinear units (DNNs). Both methods use an adjustable robust counterpart of a MILP model by Fischetti and Jo. They rely on new uncertainty sets in (pseudo-)metric spaces of DNNs with identical structure and compact inputs. One method (the inner method) needs full information on the weights and biases of a nominal DNN after training. The other one (the outer method) only needs full information on the training data and the training method used. We compare the two methods in experiments on DNNs classifying small fashion images according to the type of apparel shown. While the inner method generates AEs that are only robust w.r.t. very mild retraining of a DNN, the outer method leads to AEs that are robust w.r.t. retraining from scratch on the same training data. The outer approach can therefore in principle be used for grey-box attacks on DNNs with no knowledge of internal parameters after training.