colah
commented
7 years ago Glad the feedback was helpful! :)
I'd push back very slightly on desiderata 4 (the 2 or 200 dimensions one). One disadvantage to this is that it's a little weird to think about the same problem in a varying number of dimensions at one time. Your diagram is also simpler if the axes are dimensions instead of linear subspaces -- it's a little tricky to reason about what the axes are when its 200 dimensions.
a lot of people might find it difficult to regard 2-dimensional vectors as images (and this might make the toy problem even less convincing for them)
I think you may be raising two concerns here:
-
We'd like to present adversarial counter-examples from the toy problem in a visually compelling way. #5 addresses some ways of doing this for 2-dimensional problems.
-
Two dimensional examples may feel less compelling to the reader, because they're not like images. I think this may actually cut the other way, however. If you use an example that tries to be like an image but clearly isn't realistic, you may make the reader more skeptical than if you own the lack of realism with the simplest most minimal example.
That said, I think you can do an excellent job with your present problem if you want to stick with that, so please feel free to ignore me. :)
thomas-tanay
Thanks for the quick and already detailed comments, this is great!
I open here a new issue commenting issues #2 and #5. If I'm correct, both issues raise similar points: the introductory toy problem is useful but sometimes hard to follow. This might discourage some readers (especially being the first section of the article) and should be simplified and/or made more intuitive. I agree with these concerns. And since the classes of images considered are arbitrary, lots of alternatives are possible.
Before I discuss this further, I should clarify the different constraints that led me to this particular choice of classes: 1) There should be a clear feature (linearly separable) to distinguish between the two classes. → white/black images. 2) There should be some intra-class variability (to make the problem more realistic). → random values in the intervals [-1, -0.1] and [0.1, 1] (I didn't want the two classes to intersect in 0). 3) There should be at least one (but natural data tends to have more than one) flat direction of variation along which the classification boundary can tilt. → null half image. 4) The class definitions should be valid whether the dimensionality of the problem is 2 or 200 (to show that dimensionality does not influence the phenomenon). → when the number of dimensions is 2, there is one random pixel and one null pixel. More dimensions lead to a random half image and a null half image.
Among the modifications suggested in issues #2 and #5, some are at least partially in conflict with the constraints just described:
Concerning the image representation used, I think it is important to show the actual images (so that readers can see the adversarial examples) and their projections in the deviation plane (so that readers can understand why the phenomenon occurs). I like the idea of using arrows to visualize the vectors (suggested in issue #5), but my concern is that introducing a third representation for the images might be slightly redundant, and confusing to some readers.
On the other hand, a number of the modifications suggested in issues #2, #3 and #5 are compatible with the current class definitions and can help make the toy problem more accessible:
I'll keep this issue in mind, and try to think of other ways to simplify the setup of the toy problem.