Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality

X Ma; Bo Li; Yisen Wang; Sarah M. Erfani; Sudanthi Wijewickrema; Grant Schoenebeck; Dawn Song; Michael E Houle; james Bailey

Conference Proceedings

Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality

X Ma, Bo Li, Yisen Wang, Sarah M. Erfani, Sudanthi Wijewickrema, Grant Schoenebeck, Dawn Song, Michael E Houle, james Bailey

6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings | ICLR | Published : 2018

Abstract

Deep Neural Networks (DNNs) have recently been shown to be vulnerable against adversarial examples, which are carefully crafted instances that can mislead DNNs to make errors during prediction. To better understand such attacks, a characterization is needed of the properties of regions (the so-called `adversarial subspaces') in which adversarial examples lie. We tackle this challenge by characterizing the dimensional properties of adversarial regions, via the use of Local Intrinsic Dimensionality (LID). LID assesses the space-filling capability of the region surrounding a reference example, based on the distance distribution of the example to its neighbors. We first provide explanations abou..

View full abstract