Simplicial-Map Neural Networks Robust to Adversarial Examples

Broadly speaking, an adversarial example against a classification model occurs when a small perturbation on an input data point produces a change on the output label assigned by the model. Such adversarial examples represent a weakness for the safety of neural network applications, and many differen...

Full description

Saved in:
Bibliographic Details
Published inMathematics (Basel) Vol. 9; no. 2; p. 169
Main Authors Paluzo-Hidalgo, Eduardo, Gonzalez-Diaz, Rocio, Gutiérrez-Naranjo, Miguel A., Heras, Jónathan
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.01.2021
Subjects
adversarial examples
Algebra
algebraic topology
Approximation
Classification
Data points
Mathematics
neural network
Neural networks
Perturbation
Robustness
Subdivisions
Topology
Online AccessGet full text

Cover

More Information
Summary:Broadly speaking, an adversarial example against a classification model occurs when a small perturbation on an input data point produces a change on the output label assigned by the model. Such adversarial examples represent a weakness for the safety of neural network applications, and many different solutions have been proposed for minimizing their effects. In this paper, we propose a new approach by means of a family of neural networks called simplicial-map neural networks constructed from an Algebraic Topology perspective. Our proposal is based on three main ideas. Firstly, given a classification problem, both the input dataset and its set of one-hot labels will be endowed with simplicial complex structures, and a simplicial map between such complexes will be defined. Secondly, a neural network characterizing the classification problem will be built from such a simplicial map. Finally, by considering barycentric subdivisions of the simplicial complexes, a decision boundary will be computed to make the neural network robust to adversarial attacks of a given size.
ISSN:2227-7390
2227-7390
DOI:10.3390/math9020169