How Resilient Are Kolmogorov–Arnold Networks in Classification Tasks? A Robustness Investigation
Kolmogorov–Arnold Networks (KANs) are a novel class of neural network architectures based on the Kolmogorov–Arnold representation theorem and have demonstrated potential advantages in accuracy and interpretability over Multilayer Perceptron (MLP) models. This paper comprehensively evaluates the robustness of various KAN architectures (KAN, KAN-Mixer, KANConv_KAN, and KANConv_MLP) against adversarial attacks, a critical aspect that remains underexplored in current research. We compare these models with MLP-based architectures such as MLP, MLP-Mixer, and ConvNet_MLP across three traffic sign classification datasets: GTSRB, BTSD, and CTSD. The models were subjected to various adversarial attacks (FGSM, PGD, CW, and BIM) at varying perturbation levels and were trained under different strategies, including standard training, adversarial training, and Randomized Smoothing. Our experimental results demonstrate that KAN-based models, particularly the KAN-Mixer, exhibit superior robustness to adversarial attacks compared to their MLP counterparts. Specifically, the KAN-Mixer consistently achieved lower Success Attack Rates (SARs) and Degrees of Change (DoCs) across most attack types and datasets while maintaining high accuracy on clean data. For instance, under FGSM attacks with ε = 0.01, the KAN-Mixer outperformed the MLP-Mixer by maintaining higher accuracy and lower SARs. Adversarial training and Randomized Smoothing further enhanced the robustness of KAN-based models, with t-SNE visualizations revealing more stable latent space representations under adversarial perturbations. These findings underscore the potential of KAN architectures to improve neural network security and reliability in adversarial settings.
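To make the evaluation protocol described above concrete, here is a minimal sketch of a one-step FGSM attack at ε = 0.01 together with one common way to compute a Success Attack Rate (SAR). This is not the authors' code: it assumes a generic PyTorch image classifier and data loader (the names `model` and `loader` are placeholders), assumes inputs scaled to [0, 1], and uses an illustrative SAR definition (the fraction of originally correct predictions that the attack flips) rather than the paper's exact formula.

```python
# Illustrative sketch only: FGSM perturbation and a simple SAR measurement.
# `model` and `loader` are hypothetical stand-ins for a trained classifier
# (e.g., a KAN-Mixer or MLP-Mixer) and a (image, label) data loader.
import torch
import torch.nn.functional as F

def fgsm_attack(model, x, y, epsilon=0.01):
    """One-step FGSM: x_adv = x + epsilon * sign(grad_x loss)."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    loss.backward()
    x_adv = x + epsilon * x.grad.sign()
    # Keep pixel values valid, assuming inputs are scaled to [0, 1].
    return x_adv.clamp(0.0, 1.0).detach()

@torch.no_grad()
def predict(model, x):
    return model(x).argmax(dim=1)

def success_attack_rate(model, loader, epsilon=0.01):
    """SAR here = fraction of originally correct predictions flipped by the attack."""
    model.eval()
    flipped, correct = 0, 0
    for x, y in loader:
        clean_pred = predict(model, x)
        mask = clean_pred == y              # only count samples classified correctly on clean data
        if mask.any():
            x_adv = fgsm_attack(model, x[mask], y[mask], epsilon)
            adv_pred = predict(model, x_adv)
            flipped += (adv_pred != y[mask]).sum().item()
            correct += mask.sum().item()
    return flipped / max(correct, 1)
```

Sweeping the epsilon value over the perturbation levels used in the study and repeating the measurement for KAN-based and MLP-based checkpoints would give the kind of SAR comparison summarized in the abstract.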
| Main Authors: | Ahmed Dawod Mohammed Ibrahum, Zhengyu Shang, Jang-Eui Hong |
|---|---|
| Affiliation: | Software Intelligence Engineering Lab, Department of Computer Science, Chungbuk National University, Cheongju 28644, Republic of Korea |
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2024-11-01 |
| Series: | Applied Sciences |
| ISSN: | 2076-3417 |
| DOI: | 10.3390/app142210173 |
| Subjects: | adversarial attacks; robustness; Kolmogorov–Arnold networks (KANs); multilayer perceptrons (MLPs); convolutional-KANs; KAN-Mixer |
| Online Access: | https://www.mdpi.com/2076-3417/14/22/10173 |