Tropical Bisectors and Carlini-Wagner Attacks
Grindstaff, Gillian, Lindberg, Julia, Schkoda, Daniela, Sorea, Miruna-Stefana, Yoshida, Ruriko
–arXiv.org Artificial Intelligence
Pasque et al. showed that using a tropical symmetric metric as an activation function in the last layer can improve the robustness of convolutional neural networks (CNNs) against state-of-the-art attacks, including the Carlini-Wagner attack. This improvement occurs when the attacks are not specifically adapted to the non-differentiability of the tropical layer. Moreover, they showed that the decision boundary of a tropical CNN is defined by tropical bisectors. In this paper, we explore the combinatorics of tropical bisectors and analyze how the tropical embedding layer enhances robustness against Carlini-Wagner attacks. We prove an upper bound on the number of linear segments the decision boundary of a tropical CNN can have. We then propose a refined version of the Carlini-Wagner attack, specifically tailored for the tropical architecture. Computational experiments with MNIST and LeNet5 showcase our attacks improved success rate.
arXiv.org Artificial Intelligence
Mar-28-2025
- Country:
- Europe
- Germany > Bavaria
- Upper Bavaria > Munich (0.04)
- Ireland (0.04)
- Romania > Centru Development Region
- Sibiu County > Sibiu (0.04)
- United Kingdom > England
- Oxfordshire > Oxford (0.14)
- Germany > Bavaria
- North America > United States
- California > San Diego County
- San Diego (0.04)
- Rhode Island > Providence County
- Providence (0.04)
- Texas > Travis County
- Austin (0.04)
- California > San Diego County
- Europe
- Genre:
- Research Report (0.64)
- Industry:
- Government > Military (0.46)
- Information Technology > Security & Privacy (0.46)
- Technology: