Enforcing Fundamental Relations via Adversarial Attacks on Input Parameter Correlations
This work addresses the challenge of leveraging known fundamental correlations in input data to build better machine learning models, with applications in scientific domains such as physics and healthcare. It appears incremental: a new type of adversarial attack that builds on existing methods.
The paper tackles the problem of improving classification performance by exploiting correlations between input parameters through a new adversarial attack algorithm called Random Distribution Shuffle Attack (RDSA), which focuses on feature correlations rather than individual characteristics. The result is a significant improvement in classification performance across six diverse tasks, including particle physics and medical datasets, when used for data augmentation in adversarial training.
Correlations between input parameters play a crucial role in many scientific classification tasks, since these are often related to fundamental laws of nature. For example, in high energy physics, one of the common deep learning use-cases is the classification of signal and background processes in particle collisions. In many such cases, the fundamental principles of the correlations between observables are better understood than the actual distributions of the observables themselves. In this work, we present a new adversarial attack algorithm called Random Distribution Shuffle Attack (RDSA), emphasizing the correlations between observables in the network rather than individual feature characteristics. Correct application of the proposed novel attack can result in a significant improvement in classification performance - particularly in the context of data augmentation - when using the generated adversaries within adversarial training. Given that correlations between input features are also crucial in many other disciplines, we demonstrate the effectiveness of RDSA on six classification tasks, including two particle collision challenges (using CERN Open Data), hand-written digit recognition (MNIST784), human activity recognition (HAR), weather forecasting (Rain in Australia), and ICU patient mortality (MIMIC-IV), demonstrating a general use case beyond fundamental physics for this new type of adversarial attack algorithm.
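An added illustration, not code from the paper: it shows the distinction the abstract draws between individual feature distributions and correlations between features. The column-permutation step is an assumption suggested by the attack's name rather than the published RDSA procedure, and the three-feature dataset and all function names are constructed for this example.

```python
import random

def make_correlated(n, rng):
    """Constructed sample data: feature 1 tracks feature 0, feature 2 is independent."""
    rows = []
    for _ in range(n):
        x = rng.gauss(0.0, 1.0)
        rows.append([x, 2.0 * x + rng.gauss(0.0, 0.1), rng.gauss(0.0, 1.0)])
    return rows

def column(rows, j):
    return [r[j] for r in rows]

def pearson(a, b):
    """Pearson correlation coefficient of two equal-length sequences."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5

def shuffle_features(rows, feature_idx, rng):
    """Assumed shuffle step: permute the chosen columns across samples.

    Each permuted column keeps exactly the same values (same 1-D distribution),
    but its pairing with the other columns is randomised.
    """
    out = [list(r) for r in rows]
    for j in feature_idx:
        col = column(rows, j)
        rng.shuffle(col)
        for r, v in zip(out, col):
            r[j] = v
    return out

def demo(seed=7, n=2000):
    rng = random.Random(seed)
    clean = make_correlated(n, rng)
    shuffled = shuffle_features(clean, [1], rng)
    return {
        "corr_clean": pearson(column(clean, 0), column(clean, 1)),
        "corr_shuffled": pearson(column(shuffled, 0), column(shuffled, 1)),
        # A per-feature (marginal) check sees no change at all.
        "marginal_same": sorted(column(clean, 1)) == sorted(column(shuffled, 1)),
        "untouched_same": column(clean, 0) == column(shuffled, 0),
    }

if __name__ == "__main__":
    print(demo())
```

A validation step that inspects each feature's distribution separately passes the shuffled samples unchanged; only a check on the joint behaviour of features 0 and 1 separates them from the clean data.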