0

Towards White Box Deep Learning

Semantic features in deep neural networks improve interpretability and robustness against adversarial attacks without adversarial training.

Open
Year
2024
Venue
arXiv 2024
ArXiv
arxiv.org/abs/2403.09863
URL
arxiv.org/abs/2403.09863v5
Authors
1
Hosting
Abstract onlyARXIV-DEFAULT

Cite

Notes

Only stored in your browser.

Attribution

Abstract & full text
arxiv.org/abs/2403.09863v5ARXIV-DEFAULT
TL;DR
Semantic Scholar
Attribution policy →

Abstract

Deep neural networks learn fragile "shortcut" features, rendering them difficult to interpret (black box) and vulnerable to adversarial attacks. This paper proposes semantic features as a general architectural solution to this problem. The main idea is to make features locality-sensitive in the adequate semantic topology of the domain, thus introducing a strong regularization. The proof of concept network is lightweight, inherently interpretable and achieves almost human-level adversarial test metrics - with no adversarial training! These results and the general nature of the approach warrant further research on semantic features. The code is available at https://github.com/314-Foundation/white-box-nn

Authors

1
Maciej Satkiewicz