Adversarial reprogramming revisited
Englert, Matthias and Lazic, Ranko (2022) Adversarial reprogramming revisited. In: Thirty-sixth Conference on Neural Information Processing Systems (NeurIPS 2022), New Orleans, 28 Nov - 09 Dec 2022. Published in: Advances in Neural Information Processing Systems (NeurIPS 2022), 35 pp. 28588-28600.
PDF: WRAP-Adversarial-reprogramming-revisited-2022.pdf - Accepted Version (5Mb)
Official URL: https://proceedings.neurips.cc/paper_files/paper/2...
Abstract
Adversarial reprogramming, introduced by Elsayed, Goodfellow, and Sohl-Dickstein, seeks to repurpose a neural network to perform a different task, by manipulating its input without modifying its weights. We prove that two-layer ReLU neural networks with random weights can be adversarially reprogrammed to achieve arbitrarily high accuracy on Bernoulli data models over hypercube vertices, provided the network width is no greater than its input dimension. We also substantially strengthen a recent result of Phuong and Lampert on directional convergence of gradient flow, and obtain as a corollary that training two-layer ReLU neural networks on orthogonally separable datasets can cause their adversarial reprogramming to fail. We support these theoretical results by experiments that demonstrate that, as long as batch normalisation layers are suitably initialised, even untrained networks with random weights are susceptible to adversarial reprogramming. This is in contrast to observations in several recent works that suggested that adversarial reprogramming is not possible for untrained networks to any degree of reliability.
Item Type: | Conference Item (Paper)
---|---
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science
Journal or Publication Title: | Advances in Neural Information Processing Systems (NeurIPS 2022)
Publisher: | Neural Information Processing Systems ; Curran Associates, Inc.
Official Date: | 14 December 2022
Volume: | 35
Page Range: | pp. 28588-28600
Status: | Peer Reviewed
Publication Status: | Published
Access rights to Published version: | Restricted or Subscription Access
Date of first compliant deposit: | 17 October 2022
Date of first compliant Open Access: | 13 March 2023
Conference Paper Type: | Paper
Title of Event: | Thirty-sixth Conference on Neural Information Processing Systems (NeurIPS 2022)
Type of Event: | Conference
Location of Event: | New Orleans
Date(s) of Event: | 28 Nov - 09 Dec 2022