2021
DOI: 10.48550/arxiv.2109.06098
Preprint

The mathematics of adversarial attacks in AI -- Why deep learning is unstable despite the existence of stable neural networks

Abstract: The unprecedented success of deep learning (DL) makes it unchallenged when it comes to classification problems. However, it is well established that the current DL methodology produces universally unstable neural networks (NNs). The instability problem has caused an enormous research effort, with a vast literature on so-called adversarial attacks, yet there has been no solution to the problem. Our paper addresses why there has been no solution to the problem, as we prove the following mathematical paradox: any…
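To make the instability the abstract refers to concrete, here is a minimal sketch (my own illustration, not the paper's construction) of a gradient-sign perturbation on a toy linear classifier; all weights, data, and the budget eps are hypothetical:

```python
# Minimal sketch (illustration only): a gradient-sign ("FGSM"-style)
# perturbation on a toy linear classifier. All weights and data are random;
# eps is the sup-norm perturbation budget.
import numpy as np

rng = np.random.default_rng(0)
w = rng.normal(size=8)      # toy "trained" weights
b = 0.1
x = rng.normal(size=8)      # an input; sign(score(x)) is its predicted class

def score(x):
    return w @ x + b

eps = 0.5
# Move every coordinate by eps against the current decision: for a linear
# model this shrinks |score| by exactly eps * ||w||_1.
x_adv = x - eps * np.sign(w) * np.sign(score(x))

print("clean score:      ", score(x))
print("adversarial score:", score(x_adv))  # flips sign whenever |score(x)| < eps * ||w||_1
```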

Cited by 8 publications (10 citation statements) | References 32 publications
“…Since F_Θ is a continuous function in Θ, if Θ_a is an adversarial parameter for Θ, then there exists a small sphere S_a centered at Θ_a such that all parameters in S_a are also adversarial parameters for Θ. These results imply that adversarial parameters are, in a certain sense, inevitable, similar to adversarial samples [6, 3, 27].…”
Section: Contributions (mentioning)
Confidence: 97%
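The openness argument in the quote above is a one-line consequence of continuity; the margin function m below is my own shorthand, not the citing paper's notation:

```latex
% Notation (mine): m(\Theta) is the classification margin of F_\Theta on a
% fixed input x, so m(\Theta_a) < 0 means \Theta_a is an adversarial
% parameter. Since \Theta \mapsto F_\Theta(x) is continuous, m is
% continuous, and the sublevel set {m < 0} is open:
\[
  m(\Theta_a) < 0
  \;\Longrightarrow\;
  \exists\,\delta > 0 :\;
  B(\Theta_a,\delta) \subseteq \{\,\Theta' : m(\Theta') < 0\,\},
\]
% i.e. the ball S_a = B(\Theta_a, \delta) consists entirely of adversarial
% parameters.
```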
“…The existence of adversarial samples was usually demonstrated with numerical experiments, and mathematical theories were desired. In [6], it was proved that for DNNs with a fixed architecture, there exist uncountably many classification functions and sample distributions such that adversarial samples always exist for any successfully trained DNN with the given architecture and sample distribution. In the stealth attack [34,35], it was proved that there exist attacked DNNs, obtained by modifying the original DNN, which give a desired label for a sample outside of the validation set.…”
Section: Related Work (mentioning)
Confidence: 99%
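A minimal sketch of a stealth-style modification in the spirit of the quote (an assumption-laden illustration, not the construction of [34,35]): one added ReLU unit stays silent on typical validation data but forces a chosen label on a secret trigger input:

```python
# Minimal sketch (illustration only, not the construction of [34,35]): a
# "stealth"-style edit adds one ReLU unit that is silent on typical
# validation data but fires on a secret trigger, forcing a chosen logit.
import numpy as np

rng = np.random.default_rng(1)

def relu(z):
    return np.maximum(z, 0.0)

d, k = 16, 3                                       # input dim, classes
W, c = rng.normal(size=(k, d)), rng.normal(size=k)

def logits(x):                                     # toy one-layer "network"
    return W @ x + c

u = rng.normal(size=d)
u /= np.linalg.norm(u)                             # secret direction
alpha, theta = 5.0, 4.0
trigger = alpha * u                                # input outside the validation set

def stealth_unit(x):
    # Validation points ~ N(0, I) project onto u like N(0, 1), so this unit
    # almost never fires on them; on the trigger it outputs alpha - theta = 1.
    return relu(u @ x - theta)

target, boost = 2, 100.0

def logits_attacked(x):
    out = logits(x).copy()
    out[target] += boost * stealth_unit(x)         # inert unless the unit fires
    return out

val = rng.normal(size=(5, d))                      # stand-in validation set
print(all(np.allclose(logits(v), logits_attacked(v)) for v in val))  # True (w.h.p.)
print(int(np.argmax(logits_attacked(trigger))))                      # 2, the desired label
```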
“…The techniques developed in this paper to prove Theorem 3.3 can be used and extended to produce computability and complexity results in other fields. In particular, they form the basis of some of the developments in [7] and [34] on the limitations of AI and Smale's 18th problem.…”
Section: Main Theorem I (Part A): The Extended Smale's 9th -- Computing... (mentioning)
Confidence: 99%