The robustness in deep learning

Created in February 05, 2025

2025   ·   supervised   learning,   group   theory,   harmonic   analysis   ·   learning

What do neural networks learn?

Deep learning models are often praised for their ability to learn rich representations from data. However, one challenge that still puzzles researchers is the sensitivity of neural networks to small changes in the input. Although these small changes were investigated mainly in adversarial attacks [1], it is known that small linear transformations, rotation, shift, affect the model output [2].

In this work, we propose a novel diffeomorphism—a differentiable, bijective mapping—that addresses this very issue for time series data. We show that even small shifts can change model outputs dramatically, and the elegant mathematical reasoning behind mapping all shifted variants to a unique point.

What is changing with small shifts?

A minor time shift, say \(t^{\prime}\), alters the phase of each harmonic. For a given frequency \(\omega_k\), a shift transforms the phase according to:

$$ \varphi'(\omega_k) = \left( \varphi(\omega_k) + \omega_k\, t' \right) \mod 2\pi $$

For neural network architectures, which deploy pooling or strided convolution, this shifting significantly effects the model output. In practical terms, a heart rate monitor or activity recognition system might yield wildly different predictions for inputs that are essentially the same signal, only shifted in time.

Harmonics

One of the key insights from our work is that time shifts can be understood through the lens of Fourier harmonics. Each harmonic at frequency \(\omega_k\) possesses its own phase angle, and the shift operation acts as a group operation on these angles. In fact, we can define a set of possible phase angles for the \(k\)-th harmonic as:

$$ \Phi_k = \{\, \varphi \mid \varphi = (\varphi(\omega_k) + \omega_k\, t') \mod 2\pi,\; t' \in \mathbb{R} \,\} $$

This means that while the magnitudes remain unchanged, the phase components rotate on the unit circle.

Mapping shifted signals to a unique point

To overcome the challenge posed by these phase variations, our approach proposes a transformation \(T(x,\varphi)\) that “undoes” the effect of arbitrary shifts. The idea is to remap every shifted version of the signal to a unique point on a new data manifold—thus ensuring shift-invariance. The transformation is defined as:

$$ T(x, \varphi) = F^{-1}\!\Bigl( |X(e^{j\omega})|\, e^{j\varphi(\omega)}\, e^{-j\omega\, \Delta\varphi} \Bigr) $$

where the phase adjustment \(\Delta\varphi\) is computed as:

$$ \Delta\varphi = \begin{cases} \frac{(\theta - 2\pi) T_0}{2\pi}, & \text{if } \theta > \pi \\ \frac{\theta\, T_0}{2\pi}, & \text{otherwise} \end{cases} \quad \text{with} \quad \theta = \Bigl[ \varphi(\omega_0) - \varphi \Bigr] \mod 2\pi $$

Here, \(\omega_0\) is the frequency of a chosen harmonic whose period \(T_0\) is at least as long as the input signal. This carefully constructed transformation ensures that any two shifted versions of \(x(t)\) are mapped to the same output, preserving all task-relevant information.

Reasoning?

Neural networks are designed to recognize patterns and extract meaningful features from data. However, when dealing with time series, their reasoning is often misaligned with fundamental properties of signals. For instance, small shifts in a time series do not alter its periodicity or amplitude, yet models misclassify these shifted signals.

In an ideal scenario, a deep learning model should learn the waveform shapes, frequencies, magnitude in the signal to infer the class.
However, when the same signal shifted by a small amount, the models can assign them to a completely different class. This raises a crucial question: should we reconsider how neural networks reason about time series?
If a model’s classification changes due to a simple shift—despite the core signal properties remaining intact—then the network is likely over-reliant on positional information rather than the intrinsic nature of the time series.

References

1. Explaining and Harnessing Adversarial Examples, ICLR 2015.

2. Why do deep convolutional networks generalize so poorly to small image transformations?, JMLR 2019.