ML Security PapersLaws of Learning Dynamics and the Core of Learners
Published on arXiv
2602.05026
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
The entropy-based logifold ensemble achieves higher accuracy than naive averaging ensembles under transfer-based adversarial attacks, with particularly large gains under strong perturbations on CIFAR-10.
Logifold
Novel technique introduced
We formulate the fundamental laws governing learning dynamics, namely the conservation law and the decrease of total entropy. Within this framework, we introduce an entropy-based lifelong ensemble learning method. We evaluate its effectiveness by constructing an immunization mechanism to defend against transfer-based adversarial attacks on the CIFAR-10 dataset. Compared with a naive ensemble formed by simply averaging models specialized on clean and adversarial samples, the resulting logifold achieves higher accuracy in most test cases, with particularly large gains under strong perturbations.
Key Contributions
- Formulates two fundamental laws of learning dynamics (conservation law and decrease of total entropy) analogous to laws of thermodynamics
- Introduces a logifold — a hierarchical entropy-based ensemble architecture for lifelong learning that detects adversarial inputs via entropy anomalies
- Demonstrates an immunization mechanism against gradient-based adversarial attacks (APGD, AutoAttack) that outperforms naive ensembles, especially under strong perturbations, on CIFAR-10
🛡️ Threat Analysis
Proposes a defense mechanism against adversarial input manipulation attacks (APGD, AutoAttack) at inference time using entropy-based detection and hierarchical ensemble immunization.