Relationship between manifold smoothness and adversarial vulnerability in deep learning with local errors
arXiv - CS - Neural and Evolutionary Computing. Pub Date: 2020-07-04, DOI: arxiv-2007.02047
Zijian Jiang, Jianwen Zhou, and Haiping Huang

Artificial neural networks can achieve impressive performance, and even outperform humans in some specific tasks. Nevertheless, unlike biological brains, artificial neural networks are vulnerable to tiny perturbations in sensory input under various kinds of adversarial attacks. It is therefore necessary to study the origin of this adversarial vulnerability. Here, we establish a fundamental relationship between the geometry of hidden representations (manifold perspective) and the generalization capability of deep networks. For this purpose, we choose a deep neural network trained by local errors, and then analyze emergent properties of the trained networks through the manifold dimensionality, manifold smoothness, and the generalization capability. To explore the effects of adversarial examples, we consider independent Gaussian noise attacks and fast-gradient-sign-method (FGSM) attacks. Our study reveals that a high generalization accuracy requires a relatively fast power-law decay of the eigen-spectrum of hidden representations. Under Gaussian attacks, the relationship between generalization accuracy and power-law exponent is monotonic, while a non-monotonic behavior is observed for FGSM attacks. Our empirical study provides a route towards a final mechanistic interpretation of adversarial vulnerability under adversarial attacks.

Updated: 2020-07-07