Abstract
Recently, a weight-based attack on stochastic gradient descent inducing overfitting has been proposed. We show that the threat is broader: A task-independent permutation on the initial weights suffices to limit the achieved accuracy to for example 50% on the Fashion MNIST dataset from initially more than 90%. These findings are supported on MNIST and CIFAR. We formally confirm that the attack succeeds with high likelihood and does not depend on the data. Empirically, weight statistics and loss appear unsuspicious, making it hard to detect the attack if the user is not aware. Our paper is thus a call for action to acknowledge the importance of the initial weights in deep learning.
Author supplied keywords
Cite
CITATION STYLE
Grosse, K., Trost, T. A., Mosbach, M., Backes, M., & Klakow, D. (2020). On the Security Relevance of Initial Weights in Deep Neural Networks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12396 LNCS, pp. 3–14). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-61609-0_1
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
