Adversarial Robustness in Parameter-Space Classifiers
Shor, Tamir, Fetaya, Ethan, Baskin, Chaim, Bronstein, Alex
arXiv.org Artificial Intelligence
Chaim Baskin, School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Be'er Sheva, Israel, chaimbaskin@bgu.ac.il
Implicit Neural Representations (INRs) have recently been garnering increasing interest in various research fields, mainly due to their ability to represent large, complex data in a compact and continuous manner. Past work further showed that numerous popular downstream tasks can be performed directly in the INR parameter-space. Doing so can substantially reduce the computational resources required to process the represented data in their native domain. A major difficulty in using modern machine-learning approaches is their high susceptibility to adversarial attacks, which have been shown to greatly limit the reliability and applicability of such methods in a wide range of settings. In this work, we show that parameter-space models trained for classification are inherently robust to adversarial attacks, without the need for any robust training. To support our claims, we develop a novel suite of adversarial attacks targeting parameter-space classifiers, and furthermore analyze practical considerations of attacking parameter-space classifiers.
Implicit Neural Representations (INRs) are representations of an arbitrary signal as a neural network predicting signal values under some conditioning.
Mar-18-2025