The possibility for one to recover the parameters-weights and biases-of a neural network thanks to the knowledge of its function on a subset of the input space can be, depending on the situation, a curse or a blessing. On one hand, recovering the parameters allows for better adversarial attacks and could also disclose sensitive information from the dataset used to construct the network. On the other hand, if the parameters of a network can be recovered, it guarantees the user that the features in the latent spaces can be interpreted. It also provides foundations to obtain formal guarantees on the performances of the network. It is therefore important to characterize the networks whose parameters can be identified and those whose parameters cannot. In this article, we provide a set of conditions on a deep fully-connected feedforward ReLU neural network under which the parameters of the network are uniquely identified-modulo permutation and positive rescaling-from the function it implements on a subset of the input space.

翻译：基于对网络在输入空间子集上函数的了解，恢复神经网络参数（权重和偏置）的可能性，根据具体情境，既可以是诅咒也可以是恩赐。一方面，参数恢复能够实现更强的对抗攻击，也可能泄露用于构建网络的数据集中的敏感信息。另一方面，若网络参数可被恢复，则可确保用户能够解释隐空间中的特征，并为网络性能的形式化保证奠定基础。因此，刻画参数可辨识与不可辨识的网络特性至关重要。本文针对深度全连接前馈ReLU神经网络，提出了一组条件：在该条件下，网络参数能够通过其在输入空间子集上实现的函数被唯一辨识（模除置换与正缩放）。