Recently, a weight-based attack on stochastic gradient descent inducing overfitting has been proposed. We show that the threat is broader: A task-independent permutation on the initial weights suffices to limit the achieved accuracy to for example 50% on the Fashion MNIST dataset from initially more than $90$%. These findings are confirmed on MNIST and CIFAR. We formally confirm that the attack succeeds with high likelihood and does not depend on the data. Empirically, weight statistics and loss appear unsuspicious, making it hard to detect the attack if the user is not aware. Our paper is thus a call for action to acknowledge the importance of the initial weights in deep learning.

翻译：最近,有人提议对诱发悬浮性梯度下行过度进行重力攻击。我们表明这种威胁范围更广:对初始重量进行任务独立的调整足以将时装MNIST数据集实现的准确性从最初的90多美元限制到50%。这些调查结果在MNIST和CIFAR上得到了证实。我们正式确认,攻击成功的可能性很大,并不取决于数据。有规律地说,重量统计和损失似乎不吉利,因此如果用户不知道的话,很难发现攻击。因此,我们的论文呼吁采取行动,承认初始重量在深层学习中的重要性。