adversarial examples are a natural consequence of test
play

Adversarial Examples are a Natural Consequence of Test Error in - PowerPoint PPT Presentation

Aug 14, 2022 •371 likes •546 views

Adversarial Examples are a Natural Consequence of Test Error in Noise Nic Ford*, Justin Gilmer*, Nicholas Carlini, Dogus Cubuk *equal contribution Confidential + Proprietary Confidential + Proprietary Robust (out of distribution)

  1. Adversarial Examples are a Natural Consequence of Test Error in Noise Nic Ford*, Justin Gilmer*, Nicholas Carlini, Dogus Cubuk *equal contribution Confidential + Proprietary Confidential + Proprietary

  2. Robust (out of distribution) Generalization Train on p(x) Test on q(x) Confidential + Proprietary

  3. Gaussian noise 50% top-1 acc 14% top-1 acc Confidential + Proprietary

  4. Corruption Robustness ● Goal: Measure and improve model robustness to distributional shift. See also: [Mu, Gilmer] "MNIST-C" https://arxiv.org/abs/1906.02337 [Pei et. al.] - https://arxiv.org/pdf/1712.01785.pdf [Hendrycks et. al] https://arxiv.org/pdf/1807.01697.pdf Confidential + Proprietary

  5. Proprietary + Confidential Adversarial Examples - The "Surprising" Phenomenon ● In 2013 it was discovered that neural networks have “adversarial examples”. 2000+ papers written on this topic. ● x_adv x [Goodfellow et. al.]

  6. Adversarial Examples - The Phenomenon Why do our models have adversarial examples? Confidential + Proprietary

  7. Adversarial Examples - The Phenomenon Why do our models have adversarial examples? A: ??? Confidential + Proprietary

  8. Adversarial Examples - The Phenomenon Why do our models have adversarial examples? A: ??? What are adversarial examples? Confidential + Proprietary

  9. Adversarial Examples - The Phenomenon Why do our models have adversarial examples? A: ??? A: The nearest error What are adversarial examples? Confidential + Proprietary

  10. Adversarial Examples - The Phenomenon Why do our models have adversarial examples? A: ??? A: The nearest error What are adversarial examples? Confidential + Proprietary

  11. Adversarial Examples - The Phenomenon Why do our models have (o.o.d) test error? A: ??? A: The nearest error What are adversarial examples? Confidential + Proprietary

  12. Adversarial Examples - The Phenomenon Why do our models have (o.o.d) test error? A: ??? A: The nearest error What are adversarial examples? Test error > 0 (iid, ood) -> errors exist -> there is a nearest error Confidential + Proprietary

  13. Linear Assumption 1% error rate on random perturbations of norm 79 => adv ex at norm .5 See also Fawzi et. al. Confidential + Proprietary

  14. Adversarial Defenses Confidential + Proprietary

  15. Adversarial Defenses Not a useful measure of robustness Confidential + Proprietary

  16. Conclusion ● It is not surprising that models have a nearest error. ● The nearest error is not unusually close given measured o.o.d robustness. ● The robustness problem is much broader than tiny perturbations. ● If a method doesn't improve o.o.d robustness, is it more secure? Confidential + Proprietary

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

Todays Story: How I got my first Death Threat ? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr October 8 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The

415 views • 29 slides
Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, & Christian Szegedy Presented by - Kawin Ethayarajh and Abhishek Tiwari Introduction - adversarial examples : Inputs formed by applying small but

1.49k views • 103 slides
Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial examples? Standard ML setup: We have training data; try to do well on withheld testing data. Adversarial/robust ML setup: We have training

672 views • 27 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security Seminar, Stanford University, 2017-01-17 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

939 views • 44 slides
Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning Training Examples Hidden units / BICYCLE features CAR PEDESTRIA N Parameters Input ImageNet (Russakovsky et al 2015) Adversarial Examples: Images

369 views • 19 slides
On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac Fuentes 1 , Dalton Rosario 2 , Christopher Kiekintveld 1 1 Department of Computer Science, UTEP 2 US Army Research Laboratory Adversarial Examples on

460 views • 19 slides
Paraphrase generation: adversarial examples / data augmentation CS 685, Fall 2020 Advanced

Paraphrase generation: adversarial examples / data augmentation CS 685, Fall 2020 Advanced

Paraphrase generation: adversarial examples / data augmentation CS 685, Fall 2020 Advanced Natural Language Processing Mohit Iyyer College of Information and Computer Sciences University of Massachusetts Amherst stuff from last time HW1

692 views • 53 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest lecture for CS 294-131, UC Berkeley, 2016-10-05 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

660 views • 44 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Standard Adversarial Examples Given image x ; target class y Maximize with projected gradient descent: Standard Adversarial Examples Standard

560 views • 15 slides
Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22

Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22

Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22 nd 2018 Florian Tramr Stanford Deep Learning is Super Smart! 2 Is it really? + . 007 = Im sure this Im certain this is a panda is

452 views • 12 slides
An overview of the Fires, Asian, and Stratospheric Transport - Las Vegas Ozone Study 2017 ( FAST

An overview of the Fires, Asian, and Stratospheric Transport - Las Vegas Ozone Study 2017 ( FAST

An overview of the Fires, Asian, and Stratospheric Transport - Las Vegas Ozone Study 2017 ( FAST -LVOS) 2013 Where does the high springtime ozone in the Southwest come from? Angel Peak Andrew O. Langford NOAA/ESRL Chemical Sciences Division

201 views • 9 slides
PFN in Warehouse Automation Then, now, and the future May 30, 2018 Wilson Ko Who are we? Tokyo

PFN in Warehouse Automation Then, now, and the future May 30, 2018 Wilson Ko Who are we? Tokyo

PFN in Warehouse Automation Then, now, and the future May 30, 2018 Wilson Ko Who are we? Tokyo based company focused on Machine Learning and Distributed Computing, branch office in Berkeley Were hiring at both locations! Major fields of

656 views • 17 slides
T agging CMSC 723 / LING 723 / INST 725 M ARINE C ARPUAT marine@cs.umd.edu T odays Agenda

T agging CMSC 723 / LING 723 / INST 725 M ARINE C ARPUAT marine@cs.umd.edu T odays Agenda

Part-of-Speech T agging CMSC 723 / LING 723 / INST 725 M ARINE C ARPUAT marine@cs.umd.edu T odays Agenda What are parts of speech (POS)? What is POS tagging? How to POS tag text automatically? Source: Calvin and Hobbs Parts of

1.29k views • 68 slides
Preliminary Injunctions, TROs and Declaratory Judgments Requests for emergency or non-monetary

Preliminary Injunctions, TROs and Declaratory Judgments Requests for emergency or non-monetary

Preliminary Injunctions, Temporary Restraining Orders and Declaratory Judgments Jerry Brown January 25, 2012 Preliminary Injunctions, TROs and Declaratory Judgments Requests for emergency or non-monetary relief: -Preliminary Injunctions

371 views • 34 slides
The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer

The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer

The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer ~ 16M lines source code ~ 16M lines source code Last month: 340 authors with 2,475 commits Interfaces Media Formats Markup Fonts Languages

1.12k views • 72 slides
Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels Meng Xu , Chenxiong Qian,

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels Meng Xu , Chenxiong Qian,

Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels Meng Xu , Chenxiong Qian, Kangjie Lu + , Michael Backes*, Taesoo Kim Georgia Tech | University of Minnesota + | CISPA, Germany* 1 What is Double-Fetch? Address Space

1.21k views • 67 slides
Bug Report Analytics David Lo School of Information Systems Singapore Management University

Bug Report Analytics David Lo School of Information Systems Singapore Management University

Bug Report Analytics David Lo School of Information Systems Singapore Management University davidlo@smu.edu.sg 38 th ACM/IEEE International Conference on Software Engineering, Austin, Texas, USA Problems with Bug Reports Bugs are reported

466 views • 29 slides
Photonics/Hit-Maker Time Bug Jake Feintzeig 1 2 Contents This talk covers two separate but

Photonics/Hit-Maker Time Bug Jake Feintzeig 1 2 Contents This talk covers two separate but

Photonics/Hit-Maker Time Bug Jake Feintzeig 1 2 Contents This talk covers two separate but related bugs, one in photonics and one in hit-maker Photonics time transformation bug Overview Details Time transformation plot

498 views • 12 slides

More recommend