Batch Normalization is a Cause of Adversarial Vulnerability
2 Pith papers cite this work.
abstract
Batch normalization (batch norm) is often used in an attempt to stabilize and accelerate training in deep neural networks. In many cases it indeed decreases the number of parameter updates required to achieve low training error. However, it also reduces robustness to small adversarial input perturbations and noise by double-digit percentages, as we show on five standard datasets. Furthermore, substituting weight decay for batch norm is sufficient to nullify the relationship between adversarial vulnerability and the input dimension. Our work is consistent with a mean-field analysis that found that batch norm causes exploding gradients.
fields: cs.LG (2)
years: 2026 (2)
verdicts: UNVERDICTED (2)
representative citing papers
Thesis uses statistical mechanics to study DAM and RBM models for understanding memorization, low-dimensional learning, and adversarial robustness in neural networks.
citing papers explorer
- Batch Normalization Amplifies Memorization and Privacy Risks
  Batch normalization amplifies memorization of outlier samples in deep neural networks, directly increasing susceptibility to membership inference attacks.
- Explaining Machine Learning and Memorization with Statistical Mechanics
  Thesis uses statistical mechanics to study DAM and RBM models for understanding memorization, low-dimensional learning, and adversarial robustness in neural networks.