Tropical Bisectors and Carlini-Wagner Attacks

Grindstaff, Gillian, Lindberg, Julia, Schkoda, Daniela, Sorea, Miruna-Stefana, Yoshida, Ruriko

Mar-28-2025–arXiv.org Artificial Intelligence

Pasque et al. showed that using a tropical symmetric metric as an activation function in the last layer can improve the robustness of convolutional neural networks (CNNs) against state-of-the-art attacks, including the Carlini-Wagner attack. This improvement occurs when the attacks are not specifically adapted to the non-differentiability of the tropical layer. Moreover, they showed that the decision boundary of a tropical CNN is defined by tropical bisectors. In this paper, we explore the combinatorics of tropical bisectors and analyze how the tropical embedding layer enhances robustness against Carlini-Wagner attacks. We prove an upper bound on the number of linear segments the decision boundary of a tropical CNN can have. We then propose a refined version of the Carlini-Wagner attack, specifically tailored for the tropical architecture. Computational experiments with MNIST and LeNet5 showcase our attacks improved success rate.

artificial intelligence, gradient descent, machine learning, (14 more...)

arXiv.org Artificial Intelligence

Mar-28-2025

arXiv.org PDF

Add feedback

Country:
- Europe
  - Germany > Bavaria
    - Upper Bavaria > Munich (0.04)
  - Ireland (0.04)
  - Romania > Centru Development Region
    - Sibiu County > Sibiu (0.04)
  - United Kingdom > England
    - Oxfordshire > Oxford (0.14)
- North America > United States
  - California > San Diego County
    - San Diego (0.04)
  - Rhode Island > Providence County
    - Providence (0.04)
  - Texas > Travis County
    - Austin (0.04)

Genre:
- Research Report (0.64)

Industry:
- Government > Military (0.46)
- Information Technology > Security & Privacy (0.46)

Technology:
- Information Technology > Artificial Intelligence > Machine Learning > Neural Networks > Deep Learning (0.34)