Interpretation of Neural Networks is Susceptible to Universal Adversarial Perturbations

arXiv:2212.03095v2 Announce Type: replace-cross
Abstract: Interpreting neural network classifiers using gradient-based saliency maps has been extensively studied in the deep learning literature. While the existing algorithms manage to achieve satisfactory performance in application to standard image recognition datasets, recent works demonstrate the vulnerability of widely-used gradient-based interpretation schemes to norm-bounded perturbations adversarially designed for every individual input sample. However, such adversarial perturbations are commonly designed using the knowledge of an input sample, and hence perform sub-optimally in application to an …

adversarial algorithms application arxiv cs.ai cs.cr cs.cv cs.lg datasets deep learning image literature manage maps network networks neural network neural networks performance recognition standard stat.ml vulnerability