A Simple Explanation for the Mysterious Existence of Adversarial Examples with Small Hamming Distance
Adi Shamir
Abstract:
The existence of adversarial examples in which tiny changes in the input can fool well trained neural networks has many applications and implications in object recognition, autonomous driving, cyber security, etc. However, it is still far from being understood why such examples exist, and which parameters determine the number of input coordinates one has to change in order to mislead the network. In this talk I will describe a simple mathematical framework which enables us to think about this problem from a fresh perspective, turning the existence of adversarial examples from a baffling phenomenon into a natural consequence of the geometry of R^n with the $L_0$ (Hamming) metric, which can be quantitatively analyzed.
Time and Place
Thursday, September 5, 4:15pm
Gates 104