Algebraic Adversarial Attacks on Integrated Gradients
Lachlan Simpson, Federico Costanza, Kyle Millar, Adriel Cheng, Cheng-Chew Lim, Hong Gunn Chew
TL;DR
This work tackles adversarial manipulation of neural network explanations by developing an algebraic, Lie-theoretic framework that exploits neural network symmetries. By characterizing symmetry groups $P_{W}$ and their Lie algebras $\mathfrak{p}_{W}$, the authors derive constructive methods to generate algebraic adversarial examples for integrated gradients, including explicit bounds and base-point considerations. They show that integrated gradients are naturally affected by rotations and translations of inputs, enabling adversarial explanations without changing the model output. The approach provides a mathematically tractable mechanism for producing adversarial explanations and lays the groundwork for experimental validation and extension to other explainability methods.
Abstract
Adversarial attacks on explainability models have drastic consequences when explanations are used to understand the reasoning of neural networks in safety critical systems. Path methods are one such class of attribution methods susceptible to adversarial attacks. Adversarial learning is typically phrased as a constrained optimisation problem. In this work, we propose algebraic adversarial examples and study the conditions under which one can generate adversarial examples for integrated gradients. Algebraic adversarial examples provide a mathematically tractable approach to adversarial examples.