Feature Compression May Be the Root Cause of Adversarial Fragility in Neural Network Classifiers (Student Abstract)

Authors

  • Jingchao Gao Minnesota State University
  • Ziqing Lu University of Iowa
  • Raghu Mudumbai University of Iowa
  • Xiaodong Wu University of Iowa
  • Jirong Yi University of Iowa
  • Myung Cho University of Iowa
  • Catherine Xu University of Iowa
  • Hui Xie University of Iowa
  • Weiyu Xu University of Iowa

DOI:

https://doi.org/10.1609/aaai.v40i48.42217

Abstract

In this paper, we study the adversarial robustness of deep neural networks (DNN) for classification against optimal classifiers. We look at the smallest magnitude of possible additive perturbations that can change a classifier's output. We provide a matrix-theoretic explanation of the adversarial fragility of DNNs for classification. In particular, our theoretical results show that the adversarial robustness of a neural network can degrade as the input dimension d increases. Analytically, we show that the adversarial robustness of neural networks can be only 1/√d of the best possible adversarial robustness of optimal classifiers. Our theories match remarkably well with empirical results. The matrix-theoretic explanation aligns with an earlier information-theoretic feature-compression-based explanation for the adversarial fragility of neural networks.
AAAI-26 / IAAI-26 / EAAI-26 Proceedings Cover

Downloads

Published

2026-03-14

How to Cite

Gao, J., Lu, Z., Mudumbai, R., Wu, X., Yi, J., Cho, M., … Xu, W. (2026). Feature Compression May Be the Root Cause of Adversarial Fragility in Neural Network Classifiers (Student Abstract). Proceedings of the AAAI Conference on Artificial Intelligence, 40(48), 41212–41213. https://doi.org/10.1609/aaai.v40i48.42217

Issue

Vol. 40 No. 48: EAAI-26 AI for Education, Model AI Assignments, AAAI-26 Emerging Trends, Doctoral Consortium, Student Abstracts, Undergraduate Consortium and Demonstrations

Section

AAAI Student Abstract and Poster Program