Stéphane Puechmorel

Eliot Tron, Nicolas Couellan, Stéphane Puechmorel

Deep learning models are known to be vulnerable to adversarial attacks. Adversarial learning is therefore becoming a crucial task. We propose a new vision on neural network robustness using Riemannian geometry and foliation theory. The idea is illustrated by creating a new adversarial attack that takes into account the curvature of the data space. This new adversarial attack, called the two-step spectral attack is a piece-wise linear approximation of a geodesic in the data space. The data space is treated as a (degenerate) Riemannian manifold equipped with the pullback of the Fisher Information Metric (FIM) of the neural network. In most cases, this metric is only semi-definite and its kernel becomes a central object to study. A canonical foliation is derived from this kernel. The curvature of transverse leaves gives the appropriate correction to get a two-step approximation of the geodesic and hence a new efficient adversarial attack. The method is first illustrated on a 2D toy example in order to visualize the neural network foliation and the corresponding attacks. Next, we report numerical results on the MNIST and CIFAR10 datasets with the proposed technique and state of the art attacks presented in Zhao et al. (2019) (OSSA) and Croce et al. (2020) (AutoAttack). The result show that the proposed attack is more efficient at all levels of available budget for the attack (norm of the attack), confirming that the curvature of the transverse neural network FIM foliation plays an important role in the robustness of neural networks. The main objective and interest of this study is to provide a mathematical understanding of the geometrical issues at play in the data space when constructing efficient attacks on neural networks.

Eliot Tron, Rita Fioresi, Nicolas Couellan et al.

The purpose of this paper is to employ the language of Cartan moving frames to study the geometry of the data manifolds and its Riemannian structure, via the data information metric and its curvature at data points. Using this framework and through experiments, explanations on the response of a neural network are given by pointing out the output classes that are easily reachable from a given input. This emphasizes how the proposed mathematical relationship between the output of the network and the geometry of its inputs can be exploited as an explainable artificial intelligence tool.

Alice Le Brigant, Nicolas Guigui, Sana Rebbah et al.

In this paper, we use tools of information geometry to compare, average and classify histograms. Beta distributions are fitted to the histograms and the corresponding Fisher information geometry is used for comparison. We show that this geometry is negatively curved, which guarantees uniqueness of the notion of mean, and makes it suitable to classify histograms through the popular K-means algorithm. We illustrate the use of these geometric tools in supervised and unsupervised classification procedures of two medical data-sets, cardiac shape deformations for the detection of pulmonary hypertension and brain cortical thickness for the diagnosis of Alzheimer's disease.