SLIDE 1

Confidential + Proprietary

Adversarial Examples are a Natural Consequence of Test Error in Noise

Nic Ford*, Justin Gilmer*, Nicholas Carlini, Dogus Cubuk

*equal contribution

SLIDE 2

Robust (out of distribution) Generalization

Train on p(x), test on q(x)

SLIDE 3

Gaussian noise

50% top-1 acc 14% top-1 acc

SLIDE 4

Corruption Robustness

[Hendrycks et al.] https://arxiv.org/pdf/1807.01697.pdf

  • Goal: Measure and improve model robustness to distributional shift.

See also:
[Mu, Gilmer] "MNIST-C" https://arxiv.org/abs/1906.02337
[Pei et al.] https://arxiv.org/pdf/1712.01785.pdf

SLIDE 5

Adversarial Examples - The "Surprising" Phenomenon

x x_adv

  • In 2013 it was discovered that neural networks have “adversarial examples”.
  • 2000+ papers written on this topic.

[Goodfellow et al.]

SLIDE 6

Adversarial Examples - The Phenomenon

Why do our models have adversarial examples?

SLIDE 7

Adversarial Examples - The Phenomenon

Why do our models have adversarial examples? A: ???

SLIDE 8

Adversarial Examples - The Phenomenon

Why do our models have adversarial examples? A: ???
What are adversarial examples?

SLIDE 9

Adversarial Examples - The Phenomenon

Why do our models have adversarial examples? A: ???
What are adversarial examples? A: The nearest error

SLIDE 10

Adversarial Examples - The Phenomenon

Why do our models have adversarial examples? A: ???
What are adversarial examples? A: The nearest error

SLIDE 11

Adversarial Examples - The Phenomenon

Why do our models have (o.o.d) test error? A: ???
What are adversarial examples? A: The nearest error

SLIDE 12

Adversarial Examples - The Phenomenon

Why do our models have (o.o.d) test error? A: ???
What are adversarial examples? A: The nearest error

Test error > 0 (iid, ood) -> errors exist -> there is a nearest error

SLIDE 13

Linear Assumption

See also Fawzi et al.

1% error rate on random perturbations of norm 79 => adv ex at norm .5
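
The arithmetic behind this slide's figure, as an added example that is not from the original deck: for a linear decision boundary and isotropic Gaussian noise of standard deviation sigma, an error rate mu places the boundary at distance d = -sigma * Phi^-1(mu), and a Monte Carlo run on a toy linear classifier checks that relation. The 224x224x3 input dimension and all toy-classifier parameters are assumptions; the slide gives only the error rate and the two norms.

```python
import math
import random
from statistics import NormalDist

STD_NORMAL = NormalDist()

def nearest_error_distance(error_rate, sigma):
    """Distance to a linear decision boundary, given the error rate under
    isotropic Gaussian noise N(0, sigma^2 I): d = -sigma * Phi^-1(mu)."""
    return -sigma * STD_NORMAL.inv_cdf(error_rate)

def sigma_for_noise_norm(noise_norm, dim):
    """Gaussian noise in `dim` dimensions has norm close to sigma * sqrt(dim)."""
    return noise_norm / math.sqrt(dim)

def measured_error_rate(dim, margin, sigma, trials, seed=0):
    """Monte Carlo on a toy linear classifier sign(w.x) with unit normal w and
    a clean input at distance `margin` on the correct side of the hyperplane."""
    rng = random.Random(seed)
    w = [rng.gauss(0, 1) for _ in range(dim)]
    scale = math.sqrt(sum(c * c for c in w))
    w = [c / scale for c in w]
    errors = 0
    for _ in range(trials):
        # w.(x0 + noise) = margin + w.noise; an error is a sign flip
        shift = sum(c * rng.gauss(0, sigma) for c in w)
        if margin + shift < 0:
            errors += 1
    return errors / trials

def slide_figure(dim=224 * 224 * 3):
    # Assumption: 224x224x3 inputs; the slide states only the norms 79 and .5
    return nearest_error_distance(0.01, sigma_for_noise_norm(79, dim))

if __name__ == "__main__":
    print(f"predicted nearest error for the slide's numbers: {slide_figure():.3f}")
    # Constructed toy case: noise norm ~ 0.6 * sqrt(256) = 9.6, true margin 1.0
    mu = measured_error_rate(dim=256, margin=1.0, sigma=0.6, trials=4000)
    print(f"toy model: error rate {mu:.3f}, margin recovered "
          f"{nearest_error_distance(mu, 0.6):.3f} (true 1.0)")
```

Under these assumptions the 1% error rate at noise norm 79 gives a nearest error at about 0.47, consistent with the slide's .5.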

SLIDE 14

Adversarial Defenses

SLIDE 15

Adversarial Defenses

Not a useful measure of robustness

SLIDE 16

Conclusion

  • It is not surprising that models have a nearest error.
  • The nearest error is not unusually close given measured o.o.d robustness.
  • The robustness problem is much broader than tiny perturbations.
  • If a method doesn't improve o.o.d robustness, is it more secure?