This work investigates the intrinsic relationship between neural networks’ implicit bias and adversarial vulnerability. We propose a Fourier-domain analytical framework: (1) identifying the minimal critical frequencies essential for classification via frequency-domain sensitivity analysis; (2) pinpointing dominant frequencies in adversarial perturbations that trigger misclassification; and (3) constructing a “bias–attack” frequency mapping. Our contributions are threefold: first, we establish the first quantitative correlation between implicit bias and adversarial attacks in the frequency domain; second, we introduce a critical-frequency fingerprint visualization technique to quantify bias–attack alignment; third, we adopt an improved Hilbert–Schmidt Independence Criterion (HSIC) to detect nonlinear, high-dimensional dependencies. Experiments demonstrate strong spectral overlap between the principal frequencies of implicit bias and those targeted by adversarial attacks. This work establishes a novel paradigm for frequency-aware robust training and interpretable, attack-aware defense.

Despite their impressive performance in classification tasks, neural networks are known to be vulnerable to adversarial attacks, subtle perturbations of the input data designed to deceive the model. In this work, we investigate the correlation between these perturbations and the implicit bias of neural networks trained with gradient-based algorithms. To this end, we analyse a representation of the network's implicit bias through the lens of the Fourier transform. Specifically, we identify unique fingerprints of implicit bias and adversarial attacks by calculating the minimal, essential frequencies needed for accurate classification of each image, as well as the frequencies that drive misclassification in its adversarially perturbed counterpart. This approach enables us to uncover and analyse the correlation between these essential frequencies, providing a precise map of how the network's biases align or contrast with the frequency components exploited by adversarial attacks. To this end, among other methods, we use a newly introduced technique capable of detecting nonlinear correlations between high-dimensional datasets. Our results provide empirical evidence that the network bias in Fourier space and the target frequencies of adversarial attacks are highly correlated and suggest new potential strategies for adversarial defence.