Towards Frequency-Based Explanation for Robust CNN
This work addresses the problem of improving CNN robustness against adversarial attacks for AI safety and reliability, though it is incremental by building on existing frequency analysis and adversarial training concepts.
The paper investigates how the distribution of frequency components in input data influences CNN reasoning and robustness, showing that reliance on high-frequency features leads to vulnerability to adversarial attacks, while stronger associations with low-frequency components enhance robustness, as evidenced by adversarially trained models.
Current explanation techniques towards a transparent Convolutional Neural Network (CNN) mainly focuses on building connections between the human-understandable input features with models' prediction, overlooking an alternative representation of the input, the frequency components decomposition. In this work, we present an analysis of the connection between the distribution of frequency components in the input dataset and the reasoning process the model learns from the data. We further provide quantification analysis about the contribution of different frequency components toward the model's prediction. We show that the vulnerability of the model against tiny distortions is a result of the model is relying on the high-frequency features, the target features of the adversarial (black and white-box) attackers, to make the prediction. We further show that if the model develops stronger association between the low-frequency component with true labels, the model is more robust, which is the explanation of why adversarially trained models are more robust against tiny distortions.