Vulnerability of Deep Learning

arXiv:1803.06111v1 (5 citations)
Originality: Synthesis-oriented
AI Analysis

The paper addresses a security concern for anyone deploying deep-learning classifiers: it offers a way to test a trained network for sensitivity to small input perturbations and to find the perturbations that matter. The contribution reads as incremental, since it transfers existing Renormalisation Group (RG) concepts from statistical physics to a new setting rather than introducing new machinery.

The paper treats the question of whether a trained deep-learning network is vulnerable to small input changes or to adversarial attack within the Renormalisation Group (RG) framework, and proposes a numerical scheme based on Monte Carlo RG ideas to test a network's robustness and to identify the input perturbations that are dangerous to it.

The Renormalisation Group (RG) provides a framework in which it is possible to assess whether a deep-learning network is sensitive to small changes in the input data and hence prone to error, or susceptible to adversarial attack. Distinct classification outputs are associated with different RG fixed points and sensitivity to small changes in the input data is due to the presence of relevant operators at a fixed point. A numerical scheme, based on Monte Carlo RG ideas, is proposed for identifying the existence of relevant operators and the corresponding directions of greatest sensitivity in the input data. Thus, a trained deep-learning network may be tested for its robustness and, if it is vulnerable to attack, dangerous perturbations of the input data identified.
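As an added illustration, not code from the paper and not its Monte Carlo RG scheme, the following Python probes a constructed toy classifier in the spirit of the robustness test the abstract describes: it estimates the input direction of greatest sensitivity (to first order, the normalised gradient of the logit margin, obtained by finite differences so the model is treated as a black box), measures how small a step along that direction flips the class, and compares that against an orthogonal direction and a sample of random directions. The network weights, the test input `X0`, and every function name are assumptions made for this example.

```python
"""Added illustration (not the paper's Monte Carlo RG scheme): treat a trained
classifier as a black box, estimate the input direction to which its decision is
most sensitive, and measure how small a step along it flips the class."""
import math
import random

# Constructed toy model: 2 inputs -> 3 tanh units -> 1 logit. The weights are
# made up for the example and stand in for whatever trained network is under test.
W1 = [[2.0, 0.5], [-1.0, 1.5], [0.3, -0.2]]
B1 = [0.1, -0.2, 0.0]
W2 = [1.5, -1.0, 0.8]
B2 = -0.3
X0 = [0.4, 0.1]  # constructed test input; the model puts it in class 1


def margin(x):
    """Signed logit margin of the toy model: > 0 is class 1, < 0 is class 0."""
    hidden = [math.tanh(sum(w * xi for w, xi in zip(row, x)) + b)
              for row, b in zip(W1, B1)]
    return sum(w * h for w, h in zip(W2, hidden)) + B2


def predict(x):
    return 1 if margin(x) > 0 else 0


def gradient(f, x, h=1e-5):
    """Central finite-difference gradient of a scalar black-box function f at x."""
    grad = []
    for i in range(len(x)):
        up, down = list(x), list(x)
        up[i] += h
        down[i] -= h
        grad.append((f(up) - f(down)) / (2 * h))
    return grad


def unit(v):
    norm = math.sqrt(sum(c * c for c in v))
    return [c / norm for c in v]


def most_sensitive_direction(f, x):
    """First-order direction of greatest sensitivity of a scalar output: the
    normalised gradient. Stepping against it is the cheapest way to shrink the margin."""
    return unit(gradient(f, x))


def flip_distance(f, x, direction, max_eps=1.0, steps=200):
    """Smallest eps on a grid for which f(x + eps*direction) changes sign relative
    to f(x); None if the class survives every step up to max_eps."""
    base = f(x) > 0
    for k in range(1, steps + 1):
        eps = max_eps * k / steps
        if (f([xi + eps * di for xi, di in zip(x, direction)]) > 0) != base:
            return eps
    return None


def robustness_report(f, x, max_eps=1.0, n_random=50, seed=0):
    """Compare the gradient direction against an orthogonal direction and against
    random unit directions. The gradient is only a first-order estimate: curvature
    can move the nearest boundary point slightly off that line, which is why the
    random sample is kept as a sanity check."""
    d = most_sensitive_direction(f, x)
    toward_boundary = [-c for c in d]
    # Gram-Schmidt the first basis vector against d to get an orthogonal probe.
    e0 = [1.0] + [0.0] * (len(x) - 1)
    proj = sum(a * b for a, b in zip(e0, d))
    perp = unit([a - proj * b for a, b in zip(e0, d)])
    rng = random.Random(seed)
    flips = []
    for _ in range(n_random):
        u = unit([rng.gauss(0.0, 1.0) for _ in x])  # uniform on the sphere
        flips.append(flip_distance(f, x, u, max_eps))
    flipped = [e for e in flips if e is not None]
    return {
        "direction": d,
        "eps_grad": flip_distance(f, x, toward_boundary, max_eps),
        "eps_perp": flip_distance(f, x, perp, max_eps),
        "random_flip_fraction": len(flipped) / n_random,
        "min_random": min(flipped) if flipped else None,
    }


def adversarial_point(f, x, max_eps=1.0):
    """Input just across the boundary along the estimated most dangerous direction."""
    d = most_sensitive_direction(f, x)
    eps = flip_distance(f, x, [-c for c in d], max_eps)
    return None if eps is None else [xi - eps * di for xi, di in zip(x, d)]


if __name__ == "__main__":
    print("class at X0:", predict(X0))
    print(robustness_report(margin, X0))
    print("adversarial point:", adversarial_point(margin, X0))
```

For the toy weights, a step of roughly 0.4 against the gradient flips the class while a unit-length step along the orthogonal probe does not, which is the kind of "dangerous perturbation" the abstract refers to. Two caveats a practitioner should keep in mind: this is a local probe at one input, whereas the paper frames sensitivity globally in terms of RG fixed points and relevant operators; and the gradient is only the first-order answer, so the report's random sample exists to catch cases where curvature puts the nearest boundary point off the gradient line.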
