at Google ScholarTitle data
Rambau, Jörg ; Richter, Rónán R.C.:
Towards robust adversarial examples for deep neural networks.
Bayreuth
,
2025
. - 18 p.
- (Special Issue Dedicated to the 70th birthday of Professor Tamás Terlaky
)
DOI: https://doi.org/10.15495/EPub_UBT_00008704
Abstract in another language
In this paper, we show two methods to compute sampling-robust adversarial examples (AEs) for deep neural networks with rectilinear units (DNNs). Both methods use an adjustable robust counter-part of a MILP model by Fischetti an Jo. They rely on new uncertainty sets in (pseudo-)metric spaces of DNNs with identical structure and compact inputs. One method (the inner method) needs full information on weights and biases of a nominal DNN after training. The other one (the outer method) only needs full information on the training data and the training method used. We compare the two methods in experiments on DNNs classifying small fashion images according to the type of apparel shown.
While the inner method generates AEs that are only robust w.r.t. very mild retraining of a DNN, the outer method leads to AEs that are robust w.r.t. retraining from scratch on the same training data. The outer approach can therefore in principle be used for grey-box attacks of DNNs with no knowledge on internal parameters after training.