Despite their unmatched performance, deep neural networks remain susceptible to targeted attacks by nearly imperceptible levels of adversarial noise. While the underlying cause of this sensitivity is not well understood, theoretical analyses can be simplified by reframing each layer of a feed-forward network as an approximate solution to a sparse coding problem. Iterative solutions using basis pursuit are theoretically more stable and have improved adversarial robustness. However, cascading layer-wise pursuit implementations suffer from error accumulation in deeper networks. In contrast, our new method of deep pursuit approximates the activations of all layers as a single global optimization problem, allowing us to consider deeper, real-world architectures with skip connections such as residual networks. Experimentally, our approach demonstrates improved robustness to adversarial noise.

中文翻译：

---

建筑对抗的稳健性：深入追求的案例

尽管深度神经网络具有无与伦比的性能，但它们仍然易于受到几乎不可察觉的对抗性噪声的攻击。虽然这种敏感性的根本原因还没有得到很好的理解，但是可以通过重新定义前馈网络的每一层来简化稀疏编码问题的近似解决方案，从而简化理论分析。使用基础追踪的迭代解决方案在理论上更稳定，并且具有更高的对抗鲁棒性。但是，级联逐层跟踪实现会在更深层的网络中累积错误。相比之下，我们的深度追寻新方法将所有层的激活近似为一个全局优化问题，从而使我们能够考虑具有跳过连接（例如残留网络）的更深层次的实际架构。实验上，