ITLGSP Jan 27, 2019

An Information-Theoretic Explanation for the Adversarial Fragility of AI Classifiers

arXiv:1901.09413v1, 5 citations
Originality: Incremental advance
AI Analysis

This work addresses the adversarial fragility issue in AI classifiers, which is a critical security concern for machine learning applications, but it appears incremental as it builds on existing information-theoretic analogies.

The paper tackles the problem of AI classifiers' vulnerability to small adversarial perturbations by proposing a compression property hypothesis and a detection method, demonstrating experimental results with a voice recognition system.

We present a simple hypothesis about a compression property of artificial intelligence (AI) classifiers and present theoretical arguments to show that this hypothesis successfully accounts for the observed fragility of AI classifiers to small adversarial perturbations. We also propose a new method for detecting when small input perturbations cause classifier errors, and show theoretical guarantees for the performance of this detection method. We present experimental results with a voice recognition system to demonstrate this method. The ideas in this paper are motivated by a simple analogy between AI classifiers and the standard Shannon model of a communication system.
