a a simple e unifi fied ed framework ork for or de detec
play

A A Simple e Unifi fied ed Framework ork for or De Detec - PowerPoint PPT Presentation

Oct 07, 2023 •573 likes •751 views

A A Simple e Unifi fied ed Framework ork for or De Detec ecti ting Out-of of-Di Distri tributi tion on Sa Samp mples a and A Adversarial At Attacks Honglak Lee 3,2 Jinwoo Shin 1,4 Kimin Lee 1 Kibok Lee 2 1 Korea Advanced

  1. A A Simple e Unifi fied ed Framework ork for or De Detec ecti ting Out-of of-Di Distri tributi tion on Sa Samp mples a and A Adversarial At Attacks Honglak Lee 3,2 Jinwoo Shin 1,4 Kimin Lee 1 Kibok Lee 2 1 Korea Advanced Institute of Science and Technology (KAIST) 2 University of Michigan 3 Google Brain 4 AItrics NeurIPS 2018 Motréal

  2. Motivation: Detecting Abnormal Samples • A classifier can provide a meaningful answer only if a test sample is reasonably similar to the training samples • However, it sees many unknown/unseen test samples in practice • E.g., training data = animal 99% classifier dog cat 1

  3. Motivation: Detecting Abnormal Samples • A classifier can provide a meaningful answer only if a test sample is reasonably similar to the training samples • However, it sees many unknown/unseen test samples in practice • E.g., training data = animal 99% 99% classifier classifier dog dog cat cat 1

  4. Motivation: Detecting Abnormal Samples • A classifier can provide a meaningful answer only if a test sample is reasonably similar to the training samples • However, it sees many unknown/unseen test samples in practice • E.g., training data = animal 99% 99% classifier classifier dog dog cat cat • It raises a critical concern when deploying the classifier in real-world systems • E.g., Rarely-seen items can cause the self-driving car accident Deep neural networks Sunflower à Go straight à Crash!! 1

  5. Motivation: Detecting Abnormal Samples • A classifier can provide a meaningful answer only if a test sample is reasonably similar to the training samples • However, it sees many unknown/unseen test samples in practice • E.g., training data = animal 99% 99% classifier classifier dog dog cat cat • It raises a critical concern when deploying the classifier in real-world systems • E.g., Rarely-seen items can cause the self-driving car accident Deep neural networks Sunflower à Go straight à Crash!! • Our goal is to design the classifier to say “I don’t know” 1

  6. Motivation: Detecting Abnormal Samples • Detecting test samples drawn sufficiently far away from the training distribution statistically or adversarially Confidence Training distribution, e.g., animal score or Test sample Deep classifier Adversarial samples Unseen samples 2

  7. Motivation: Detecting Abnormal Samples • Detecting test samples drawn sufficiently far away from the training distribution statistically or adversarially Confidence Training distribution, e.g., animal score or Test sample Deep classifier Adversarial samples Unseen samples How to define a confidence score 2

  8. Motivation: Detecting Abnormal Samples • Detecting test samples drawn sufficiently far away from the training distribution statistically or adversarially Confidence Training distribution, e.g., animal score or Test sample Deep classifier Adversarial samples Unseen samples How to define a confidence score • One can consider a posterior distribution, i.e., 𝑄(𝑧|𝑦) , from a classifier Decision boundary Training samples Unknown samples • However, it is well known that the posterior distribution can be easily overconfident even for such abnormal samples [Balaji ‘17] 2

  9. Motivation: Detecting Abnormal Samples • Detecting test samples drawn sufficiently far away from the training distribution statistically or adversarially Confidence Training distribution, e.g., animal score or Test sample Deep classifier Adversarial samples Unseen samples How to define a confidence score • One can consider a posterior distribution, i.e., 𝑄(𝑧|𝑦) , from a classifier • For the issue, we consider to model the data distribution, i.e., 𝑄(𝑦|𝑧) 2

  10. Mahalanobis Distance-based Confidence Score • Main idea: Post-processing a generative classifier • Given a pre-trained softmax classifier, we post-process a simple generative classifier on hidden feature spaces: Class-wise Gaussian distribution • How to estimate the parameters? • Empirical class mean and covariance matrix • Using training data 3

  11. Mahalanobis Distance-based Confidence Score • Main idea: Post-processing a generative classifier • Given a pre-trained softmax classifier, we post-process a simple generative classifier on hidden feature spaces: Class-wise Gaussian distribution • Why Gaussian? the posterior distribution of the generative classifier (with a tied covariance) is equivalent to the softmax classifier • Empirical observation • ResNet-34 trained on CIFAR-10 • Hidden features follow class-conditional unimodal distributions [T-SNE of penultimate features] 3

  12. Mahalanobis Distance-based Confidence Score • Main idea: Post-processing a generative classifier • Given a pre-trained softmax classifier, we post-process a simple generative classifier on hidden feature spaces: Class-wise Gaussian distribution • Why Gaussian? the posterior distribution of the generative classifier (with a tied covariance) is equivalent to the softmax classifier • Our main contribution: New confidence score • Mahalanobis distance between a test sample and a closest class Gaussian M ( x ) = max log P ( f ( x ) | y = c ) c µ c ) > b = max − ( f ( x ) − b Σ ( f ( x ) − b µ c ) 3 c

  13. Experimental Results Out-of-distribution: TinyImageNet 100 ODIN Mahalanobis (ours) • Application to detecting out-of-distribution samples 90 80 • State-of-the-art baseline: ODIN [Liang’ 18] 70 • Maximum value of a posterior distribution after 60 post-processing 50 • DenseNet-110 [Huang ‘17] trained on the CIFAR- 40 100 dataset 30 • Our method outperforms the ODIN TNR AUROC Detection at TPR 95% accuracy • Application to detecting the adversarial samples Dataset: CIFAR-10 100 LID Mahalanobis (ours) • State-of-the-art baseline: LID [Ma’ 18] AUROC (%) • KNN based confidence score: Local Intrinsic Dimensionality 90 • ResNet-34 [He’ 16] trained on the CIFAR-10 dataset • Our method outperforms the LID 80 4 FGSM BIM DeepFool CW

  14. Conclusion • Deep generative classifiers have been largely dismissed recently • Deep discriminative classifiers (e.g., softmax classifier) typically outperform them for fully- supervised classification settings 5

  15. Conclusion • Deep generative classifiers have been largely dismissed recently • Deep discriminative classifiers (e.g., softmax classifier) typically outperform them for fully- supervised classification settings • We found that the (post-processed) deep generative classifier can outperform the softmax classifier across multiple tasks: • Detecting out-of-distribution samples • Detecting adversarial samples 5

  16. Conclusion • Deep generative classifiers have been largely dismissed recently • Deep discriminative classifiers (e.g., softmax classifier) typically outperform them for fully- supervised classification settings • We found that the (post-processed) deep generative classifier can outperform the softmax classifier across multiple tasks: • Detecting out-of-distribution samples • Detecting adversarial samples • Other contributions in our paper • More calibration techniques: input pre-processing, feature ensemble • More applications: class-incremental learning • More evaluations: robustness of our method • Poster session: Room 210 & 230 AB #30 Thanks for your attention 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Black Oak Mine Unifi fied Scho hool District ct Committed to educational excellence. A

Black Oak Mine Unifi fied Scho hool District ct Committed to educational excellence. A

Black Oak Mine Unifi fied Scho hool District ct Committed to educational excellence. A Long Range Facilities Master Plan 2030 VISION February 12, 2019 B L AC K OA K M I N E U N I F I E D S C H O OL D I ST R I C T | 2030 VI SI ON

448 views • 15 slides
Black Oak Mine Unifi fied Scho hool District ct Committed to educational excellence. A

Black Oak Mine Unifi fied Scho hool District ct Committed to educational excellence. A

Black Oak Mine Unifi fied Scho hool District ct Committed to educational excellence. A Long Range Facilities Master Plan 2030 VISION March 12, 2019 B L AC K OA K M I N E U N I F I E D S C H O OL D I ST R I C T | 2030 VI SI ON |

484 views • 23 slides
Unifi Alternative Investment Fund Pre reface Investor Predicament Unifi AIF Proposition

Unifi Alternative Investment Fund Pre reface Investor Predicament Unifi AIF Proposition

Unifi Alternative Investment Fund Pre reface Investor Predicament Unifi AIF Proposition Conventional Equity Conventional Debt Event Arbitrage High Low Consistent above average / above average / below average return

227 views • 20 slides
Unifi Alternative Investment Fund Pre refac face Investor Predicament Unifi AIF Proposition

Unifi Alternative Investment Fund Pre refac face Investor Predicament Unifi AIF Proposition

Unifi Alternative Investment Fund Pre refac face Investor Predicament Unifi AIF Proposition Conventional Equity Conventional Debt Event Arbitrage High Low Consistent above average / above average / below average return

556 views • 19 slides
Unifi Alternative Investment Fund Prefac face Investor Predicament Unifi AIF Proposition

Unifi Alternative Investment Fund Prefac face Investor Predicament Unifi AIF Proposition

Unifi Alternative Investment Fund Prefac face Investor Predicament Unifi AIF Proposition Conventional Equity Conventional Debt Event Arbitrage High Low Consistent above average / above average / below average return

365 views • 21 slides
School Innova+on Fund 1 Framing our Iden.fied Schools 50 Innova+on Schools 7 Focus Schools

School Innova+on Fund 1 Framing our Iden.fied Schools 50 Innova+on Schools 7 Focus Schools

School Innova+on Fund 1 Framing our Iden.fied Schools 50 Innova+on Schools 7 Focus Schools (CoCo/LAUSD Se<lement) (Implemen+ng PELP Framework) Turnaround Efforts Comprehensive Support and Targeted Support and Improvement Schools

586 views • 19 slides
Model based Quantitative Resilience Assessment of Critical Information Infrastructures Andrea

Model based Quantitative Resilience Assessment of Critical Information Infrastructures Andrea

Model based Quantitative Resilience Assessment of Critical Information Infrastructures Andrea Bondavalli bondavalli@unifi.it http://rcl.dsi.unifi.it Universit degli Studi di Firenze Outline Short Intro The research framework and the

660 views • 49 slides
SIMPLE Grid Framework Mayank Sharma (CERN, speaker) Maarten Litmaath (CERN) Eraldo Silva Junior

SIMPLE Grid Framework Mayank Sharma (CERN, speaker) Maarten Litmaath (CERN) Eraldo Silva Junior

SIMPLE Grid Framework Mayank Sharma (CERN, speaker) Maarten Litmaath (CERN) Eraldo Silva Junior (CBPF, Brazil) 15/11/18 SIMPLE Framework: PyParis 2018 1 $>whoami Software Engineer, CERN. Developer of SIMPLE Grid Framework.

488 views • 28 slides
Unifi High Yield Fund Preface Investor Predicament Unifi HYF Proposition High Yield Fund

Unifi High Yield Fund Preface Investor Predicament Unifi HYF Proposition High Yield Fund

Unifi High Yield Fund Preface Investor Predicament Unifi HYF Proposition High Yield Fund Conventional Equity Conventional Debt Endeavour to generate net High Low post tax returns of 3% p.a / above average / below average

726 views • 25 slides
Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on (SED) Time ime Pres esent entation ion 11:10 11:30 Task Overview (NIST) Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa) 11:50 12:10 Dublin City

674 views • 28 slides
An Integrated Framework for Fog Communications and Computing in Internet of Vehicles Alessio

An Integrated Framework for Fog Communications and Computing in Internet of Vehicles Alessio

University of Florence Department of Information Engineering An Integrated Framework for Fog Communications and Computing in Internet of Vehicles Alessio Bonadio, Francesco Chiti, Romano Fantacci name.surname@unifi.it Outline 1 Introduction

209 views • 18 slides
No/fied Access: Extending Remote Memory Access Programming

No/fied Access: Extending Remote Memory Access Programming

spcl.inf.ethz.ch @spcl_eth R OBERTO B ELLI , T ORSTEN H OEFLER No/fied Access: Extending Remote Memory Access Programming Models for Producer-Consumer Synchroniza/on

843 views • 61 slides
Research Diverging Alterna-ve Splicing Fingerprints Iden-fied in

Research Diverging Alterna-ve Splicing Fingerprints Iden-fied in

Mul$variate Data Analysis in Omics Research Diverging Alterna-ve Splicing Fingerprints Iden-fied in Thoracic Aor-c Aneurysm Sanela Kjellqvist, PhD WABI RNAseq course

814 views • 37 slides
Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about Nearest Neighbor Nave Bayes Logis)c Regression Boos)ng We saw face

707 views • 36 slides
Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0 1 1 0 0 0 1 1 0 1 1 0 1 1 1 1 0 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 1 0 CSCI 466: Networks Keith Vertanen

461 views • 27 slides
A M A Mod odifi fied ed S Step ep Ch Character eristic M Method od fo for Solving the S

A M A Mod odifi fied ed S Step ep Ch Character eristic M Method od fo for Solving the S

A M A Mod odifi fied ed S Step ep Ch Character eristic M Method od fo for Solving the S N Tr Transport Equation Dean Wang The Ohio State University Zeyun Wu Virginia Commonwealth University 2019 ANS Winter Meeting, Washington DC,

267 views • 16 slides
On the Structure of Large Equidistant Grassmannian Codes Ago-Erik Riet 1 joint work with Daniele

On the Structure of Large Equidistant Grassmannian Codes Ago-Erik Riet 1 joint work with Daniele

On the Structure of Large Equidistant Grassmannian Codes Ago-Erik Riet 1 joint work with Daniele Bartoli, Leo Storme and Peter Vandendriessche; Jozefien Dhaeseleer and Giovanni Longobardi Finite Geometry and Friends, Brussels June 2019 1

583 views • 22 slides
Improvement of the sunflower bound Jozefien Dhaeseleer September 2017 1 / 12 2 Definition

Improvement of the sunflower bound Jozefien Dhaeseleer September 2017 1 / 12 2 Definition

Congress Irsee Improvement of the sunflower bound Jozefien Dhaeseleer September 2017 1 / 12 2 Definition Subspace code Codewords are subspaces Constant or mixed dimension subspace code Subspace distance: d ( U , V ) = dim( U +

359 views • 12 slides
Slice rank of tensors and its applications Wenjie Fang, LIP, ENS de Lyon Work of Terence Tao and

Slice rank of tensors and its applications Wenjie Fang, LIP, ENS de Lyon Work of Terence Tao and

Motivation Introduction Bounds Applications Discussion Slice rank of tensors and its applications Wenjie Fang, LIP, ENS de Lyon Work of Terence Tao and William Sawin One Day Meeting in Discrete Structures April 14 2017, ENS de Lyon

513 views • 27 slides
Randomness vs structure DNF compression and sunflower lemma Kewen Wu Peking University Joint

Randomness vs structure DNF compression and sunflower lemma Kewen Wu Peking University Joint

Overview DNF compression Sunflower lemma Open problems Thanks Randomness vs structure DNF compression and sunflower lemma Kewen Wu Peking University Joint works with Ryan Alweiss Shachar Lovett Jiapeng Zhang Princeton UCSD Harvard 1

267 views • 25 slides
English Language 1. Joy of Learning 2. Unit Coverage 3. Level Focuses 4. Level-Wide Strategies 5.

English Language 1. Joy of Learning 2. Unit Coverage 3. Level Focuses 4. Level-Wide Strategies 5.

English Language 1. Joy of Learning 2. Unit Coverage 3. Level Focuses 4. Level-Wide Strategies 5. Assessment Format 6. Home Support Little Red Dot To expose pupils to current affairs in Singapore and world issues To read a variety of

915 views • 15 slides
The QuaSEFE Problem Patrizio Angelini, Henry F orster, Michael Hoffmann, Michael Kaufmann,

The QuaSEFE Problem Patrizio Angelini, Henry F orster, Michael Hoffmann, Michael Kaufmann,

The QuaSEFE Problem Patrizio Angelini, Henry F orster, Michael Hoffmann, Michael Kaufmann, Stephen Kobourov, Giuseppe Liotta, Maurizio Patrignani 27 th International Symposium on Graph Drawing and Network Visualization 2019 The QuaSEFE

1.26k views • 93 slides
SUNFLOWER --- In-beam Gamma-ray spectroscopy at RIBF He Wang RIKEN Nishina Center The 9 th

SUNFLOWER --- In-beam Gamma-ray spectroscopy at RIBF He Wang RIKEN Nishina Center The 9 th

SUNFLOWER --- In-beam Gamma-ray spectroscopy at RIBF He Wang RIKEN Nishina Center The 9 th Japan-China Joint Nuclear Physics Symposium (JCNP 2015), November 7-12, 2015, Osaka University Content Introduction to SUNFLOWER Experiment

1.05k views • 41 slides
www.film-english.com by Kieran Donaghy

www.film-english.com by Kieran Donaghy

www.film-english.com by Kieran Donaghy

387 views • 27 slides

More recommend