M. Khoury and D. Hadfield-Menell. (2018). cite arxiv:1811.00525. Comment: Improvements to clarity and presentation over initial submission.
Abstract
Adversarial examples are a pervasive phenomenon of machine learning models
where seemingly imperceptible perturbations to the input lead to
misclassifications for otherwise statistically accurate models. We propose a
geometric framework, drawing on tools from the manifold reconstruction
literature, to analyze the high-dimensional geometry of adversarial examples.
In particular, we highlight the importance of codimension: for low-dimensional
data manifolds embedded in high-dimensional space there are many directions off
the manifold in which to construct adversarial examples. Adversarial examples
are a natural consequence of learning a decision boundary that classifies the
low-dimensional data manifold well, but classifies points near the manifold
incorrectly. Using our geometric framework we prove (1) a tradeoff between
robustness under different norms, (2) that adversarial training in balls around
the data is sample inefficient, and (3) sufficient sampling conditions under
which nearest neighbor classifiers and ball-based adversarial training are
robust.
Description
[1811.00525] On the Geometry of Adversarial Examples
%0 Generic
%1 khoury2018geometry
%A Khoury, Marc
%A Hadfield-Menell, Dylan
%D 2018
%K 2018 geometry machine-learning
%T On the Geometry of Adversarial Examples
%U http://arxiv.org/abs/1811.00525
%X Adversarial examples are a pervasive phenomenon of machine learning models
where seemingly imperceptible perturbations to the input lead to
misclassifications for otherwise statistically accurate models. We propose a
geometric framework, drawing on tools from the manifold reconstruction
literature, to analyze the high-dimensional geometry of adversarial examples.
In particular, we highlight the importance of codimension: for low-dimensional
data manifolds embedded in high-dimensional space there are many directions off
the manifold in which to construct adversarial examples. Adversarial examples
are a natural consequence of learning a decision boundary that classifies the
low-dimensional data manifold well, but classifies points near the manifold
incorrectly. Using our geometric framework we prove (1) a tradeoff between
robustness under different norms, (2) that adversarial training in balls around
the data is sample inefficient, and (3) sufficient sampling conditions under
which nearest neighbor classifiers and ball-based adversarial training are
robust.
@misc{khoury2018geometry,
abstract = {Adversarial examples are a pervasive phenomenon of machine learning models
where seemingly imperceptible perturbations to the input lead to
misclassifications for otherwise statistically accurate models. We propose a
geometric framework, drawing on tools from the manifold reconstruction
literature, to analyze the high-dimensional geometry of adversarial examples.
In particular, we highlight the importance of codimension: for low-dimensional
data manifolds embedded in high-dimensional space there are many directions off
the manifold in which to construct adversarial examples. Adversarial examples
are a natural consequence of learning a decision boundary that classifies the
low-dimensional data manifold well, but classifies points near the manifold
incorrectly. Using our geometric framework we prove (1) a tradeoff between
robustness under different norms, (2) that adversarial training in balls around
the data is sample inefficient, and (3) sufficient sampling conditions under
which nearest neighbor classifiers and ball-based adversarial training are
robust.},
added-at = {2020-02-01T22:42:33.000+0100},
author = {Khoury, Marc and Hadfield-Menell, Dylan},
biburl = {https://www.bibsonomy.org/bibtex/2566135700534b0797b8298d8385b608d/analyst},
description = {[1811.00525] On the Geometry of Adversarial Examples},
interhash = {0361e191c4a2662b5d90c6d1667a126a},
intrahash = {566135700534b0797b8298d8385b608d},
keywords = {2018 geometry machine-learning},
note = {cite arxiv:1811.00525Comment: Improvements to clarity and presentation over initial submission},
timestamp = {2020-02-01T22:42:47.000+0100},
title = {On the Geometry of Adversarial Examples},
url = {http://arxiv.org/abs/1811.00525},
year = 2018
}