Algebraic Adversarial Attacks on Integrated Gradients
This addresses a problem for safety-critical systems where explainability models are used to understand neural network reasoning, though it appears incremental as it focuses on a specific method.
The paper tackles the vulnerability of path-based attribution methods, specifically integrated gradients, to adversarial attacks, proposing algebraic adversarial examples as a mathematically tractable approach to generate such attacks.
Adversarial attacks on explainability models have drastic consequences when explanations are used to understand the reasoning of neural networks in safety critical systems. Path methods are one such class of attribution methods susceptible to adversarial attacks. Adversarial learning is typically phrased as a constrained optimisation problem. In this work, we propose algebraic adversarial examples and study the conditions under which one can generate adversarial examples for integrated gradients. Algebraic adversarial examples provide a mathematically tractable approach to adversarial examples.