On Lyapunov exponents and adversarial perturbation
This addresses the problem of adversarial attacks for deep learning practitioners, but it is incremental as it builds on existing defense methods and focuses on specific datasets.
The paper tackled the problem of defending against adversarial perturbations in deep learning by using Lyapunov exponents computed from 1-D time series of images as a filtering tool, empirically demonstrating their discriminative power on MNIST and Fashion-MNIST datasets with a standard CNN.
In this paper, we would like to disseminate a serendipitous discovery involving Lyapunov exponents of a 1-D time series and their use in serving as a filtering defense tool against a specific kind of deep adversarial perturbation. To this end, we use the state-of-the-art CleverHans library to generate adversarial perturbations against a standard Convolutional Neural Network (CNN) architecture trained on the MNIST as well as the Fashion-MNIST datasets. We empirically demonstrate how the Lyapunov exponents computed on the flattened 1-D vector representations of the images served as highly discriminative features that could be to pre-classify images as adversarial or legitimate before feeding the image into the CNN for classification. We also explore the issue of possible false-alarms when the input images are noisy in a non-adversarial sense.