Explaining adversarial vulnerability with a data sparsity hypothesis

Despite many proposed algorithms to provide robustness deep learning (DL) models, DL models remain susceptible adversarial attacks. We hypothesize that the vulnerability of stems from two factors. The first factor is data sparsity which in high dimensional input space, there exist large regions outside support distribution. second existence redundant parameters models. Owing these factors, different are able come up with decision boundaries comparably prediction accuracy. appearance space distribution does not affect accuracy model. However, it makes an important difference ideal boundary as far possible In this paper, we develop a training framework observe if learn such spanning around class distributions further points themselves. Semi-supervised was deployed during by leveraging unlabeled generated measured trained using against well-known attacks and metrics. found our framework, well other regularization methods hypothesis have more similar aforementioned boundary. show noise almost effective on sourced existing datasets or synthesis algorithms. code for available online.