Adversarial examples are a pervasive phenomenon of machine learning models where seemingly imperceptible perturbations to the input lead misclassifications for otherwise statistically accurate models. We propose geometric framework, drawing on tools from manifold reconstruction literature, analyze high-dimensional geometry adversarial examples. In particular, we highlight importance codimension: low-dimensional data manifolds embedded in space there many directions off which construct natural consequence decision boundary that classifies well, but points near incorrectly. Using our framework prove (1) tradeoff between robustness under different norms, (2) training balls around is sample inefficient, and (3) sufficient sampling conditions nearest neighbor classifiers ball-based robust.

Load

Load