Are adversarial examples inevitable?
This paper addresses the fundamental security problem of adversarial attacks in machine learning, with implications for all neural network applications, though its contribution is incremental: it provides theoretical analysis rather than a new defense.
The paper investigates whether adversarial examples are inevitable for neural networks, showing that for certain problem classes, adversarial examples are inescapable, with theoretical bounds and experiments linking robustness to factors like dimensionality and image complexity.
A wide range of defenses have been proposed to harden neural networks against adversarial attacks. However, a pattern has emerged in which the majority of adversarial defenses are quickly broken by new attacks. Given the lack of success at generating robust defenses, we are led to ask a fundamental question: Are adversarial attacks inevitable? This paper analyzes adversarial examples from a theoretical perspective, and identifies fundamental bounds on the susceptibility of a classifier to adversarial attacks. We show that, for certain classes of problems, adversarial examples are inescapable. Using experiments, we explore the implications of theoretical guarantees for real-world problems and discuss how factors such as dimensionality and image complexity limit a classifier's robustness against adversarial examples.