Adversarial Machine Learning, Ian Goodfellow, Staff Research Scientist, Google Brain (PowerPoint PPT Presentation)





SLIDE 1

Ian Goodfellow, Staff Research Scientist, Google Brain
South Park Commons, San Francisco, 2018-05-24

Adversarial Machine Learning

Title-slide word cloud of adversarial ML methods: 3D-GAN, AC-GAN, AdaGAN, AffGAN, AL-CGAN, ALI, FGSM, AnoGAN, ArtGAN, BIM, Bayesian GAN, BEGAN, BiGAN, BS-GAN, CGAN, CCGAN, ATN, CoGAN, Context-RNN-GAN, C-RNN-GAN, C-VAE-GAN, CycleGAN, DTN, DCGAN, DiscoGAN, DR-GAN, Adversarial Training, EBGAN, f-GAN, FF-GAN, GAWWN, BPDA, Gradient Masking, IAN, iGAN, IcGAN, Progressive GAN, InfoGAN, LAPGAN, LR-GAN, LS-GAN, LSGAN, MGAN, MAGAN, MAD-GAN, MalGAN, PGD, McGAN, MedGAN, MIX+GAN, MPM-GAN, SN-GAN.

SLIDE 2

(Goodfellow 2017)

Adversarial Machine Learning

Traditional ML: optimization

  • One player, one cost
  • Minimum

Adversarial ML: game theory

  • More than one player, more than one cost
  • Equilibrium

SLIDE 3

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics

Topics: Make ML work; RL; Fairness, Accountability and Transparency; Extreme reliability; Security; Privacy; Generative Modeling; Domain adaptation; Label efficiency; ML+neuroscience

SLIDE 4

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 5

(Goodfellow 2018)

Generative Modeling: Sample Generation

Training data (CelebA) and samples from the generator (Karras et al., 2017)

SLIDE 6

(Goodfellow 2018)

Adversarial Nets Framework

Diagram: x sampled from data → differentiable function D → D(x) tries to be near 1. Input noise z → differentiable function G → x sampled from model → D; D tries to make D(G(z)) near 0, G tries to make D(G(z)) near 1.

(Goodfellow et al., 2014)
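The two-player game on this slide, together with the minimum-versus-equilibrium distinction from slide 3, worked through numerically as an added example that is not part of the original deck: for a fixed generator the discriminator's best response has the closed form D*(x) = p_data(x) / (p_data(x) + p_g(x)), and the value the generator then faces bottoms out at -log 4 exactly when p_g = p_data, so the solution is an equilibrium between two costs rather than the minimum of one. The 1-D Gaussian distributions, the integration bounds and the helper names are my assumptions.

```python
import math

# Constructed example: data and generator distributions are 1-D Gaussians
# given as (mean, std) so every quantity has a closed form to check against.
DATA = (0.0, 1.0)

def gaussian_pdf(x, mu, sigma):
    """Density of N(mu, sigma^2) at x."""
    z = (x - mu) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2.0 * math.pi))

def optimal_discriminator(x, data, gen):
    """Best response of D to a fixed generator: D*(x) = p_data / (p_data + p_g).
    This is D's move in the game: D(x) near 1 on data, D(G(z)) near 0 on samples."""
    p_d = gaussian_pdf(x, *data)
    p_g = gaussian_pdf(x, *gen)
    return p_d / (p_d + p_g)

def value_function(data, gen, lo=-15.0, hi=15.0, n=6000):
    """V(D*, G) = E_data[log D*(x)] + E_g[log(1 - D*(x))] by the midpoint rule.
    G's move is to push this down; it cannot go below -log 4, reached only
    when p_g = p_data (then D* = 1/2 everywhere and D is at chance)."""
    h = (hi - lo) / n
    total = 0.0
    for i in range(n):
        x = lo + (i + 0.5) * h
        # clamp so log() stays finite if one density underflows far in the tails
        d = min(max(optimal_discriminator(x, data, gen), 1e-300), 1.0 - 1e-15)
        total += h * (gaussian_pdf(x, *data) * math.log(d)
                      + gaussian_pdf(x, *gen) * math.log(1.0 - d))
    return total

def generator_gap(gen, data=DATA):
    """Distance of G from the equilibrium value -log 4; equals 2 * JSD(p_data, p_g),
    so it is zero only when the generator matches the data distribution."""
    return value_function(data, gen) + math.log(4.0)

if __name__ == "__main__":
    for gen in [(3.0, 1.0), (1.0, 1.0), (0.0, 1.0)]:
        print(f"generator N{gen}: D*(0) = {optimal_discriminator(0.0, DATA, gen):.3f}, "
              f"gap to equilibrium = {generator_gap(gen):.4f}")
```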

SLIDE 7

(Goodfellow 2018)

GANs for simulated training data

(Shrivastava et al., 2016)

SLIDE 8

(Goodfellow 2018)

Unsupervised Image-to-Image Translation

Day to night (Liu et al., 2017)

SLIDE 9

(Goodfellow 2018)

CycleGAN

(Zhu et al., 2017)

SLIDE 10

(Goodfellow 2018)

Designing DNA to optimize protein binding

(Killoran et al, 2017)

SLIDE 11

(Goodfellow 2018)

Personalized GANufacturing

(Hwang et al 2018)

SLIDE 12

(Goodfellow 2018)

Self-Attention GAN

State of the art FID on ImageNet: 1000 categories, 128x128 pixels (Zhang et al., 2018). Sample classes shown: Indigo Bunting, Goldfish, Redshank, Saint Bernard, Tiger Cat, Stone Wall, Broccoli, Geyser.

SLIDE 13

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 14

(Goodfellow 2017)

Adversarial Examples

Diagram: training data X, model parameters θ, input x, prediction ŷ.

SLIDE 15

(Goodfellow 2017)

Adversarial Examples in the Physical World

(Kurakin et al, 2016)

SLIDE 16

(Goodfellow 2017)

Training on Adversarial Examples

Plot: test misclassification rate (log scale, 10^-2 to 10^0) against training time (0 to 300 epochs), with four curves: Train=Clean, Test=Clean; Train=Clean, Test=Adv; Train=Adv, Test=Clean; Train=Adv, Test=Adv.

(CleverHans tutorial, using method of Goodfellow et al 2014)

SLIDE 17

(Goodfellow 2018)

Adversarial Logit Pairing

Diagram: clean logits and adversarial logits, with an adversarial perturbation applied to the input and logit pairing between the two sets of logits.

State of the art defense on ImageNet (Kannan et al, 2018)

SLIDE 18

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 19

(Goodfellow 2017)

Adversarial Examples for RL

(Huang et al., 2017)

SLIDE 20

(Goodfellow 2017)

Self-Play

1959: Arthur Samuel's checkers agent. (Silver et al., 2017), (Bansal et al., 2017), (OpenAI, 2017)

SLIDE 21

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 22

(Goodfellow 2017)

Extreme Reliability

  • We want extreme reliability for
    • Autonomous vehicles
    • Air traffic control
    • Surgery robots
    • Medical diagnosis, etc.
  • Adversarial machine learning research techniques can help with this
  • Katz et al 2017: verification system, applied to air traffic control

SLIDE 23

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 24

(Goodfellow 2018)

Supervised Discriminator for Semi-Supervised Learning

Diagram: a standard discriminator (input → hidden units → real / fake) beside a supervised discriminator (input → hidden units → real dog / real cat / fake).

Learn to read with 100 labels rather than 60,000 (Odena 2016; Salimans et al., 2016)

SLIDE 25

(Goodfellow 2018)

Virtual Adversarial Training

(Oliver+Odena+Raffel et al, 2018)

Miyato et al 2015: regularize for robustness to adversarial perturbations of unlabeled data

SLIDE 26

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 27

(Goodfellow 2018)

Privacy of training data

Diagram: training data X, model parameters θ, and an estimate X̂ of the training data recovered from the model.

SLIDE 28

(Goodfellow 2018)

Defining (ε, δ)-Differential Privacy

(Abadi 2017)

SLIDE 29

(Goodfellow 2018)

Private Aggregation of Teacher Ensembles

(Papernot et al 2016)

SLIDE 30

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 31

(Goodfellow 2017)

Domain Adaptation

  • Domain Adversarial Networks (Ganin et al., 2015)
  • Professor forcing (Lamb et al., 2016): domain-adversarial learning in RNN hidden state

SLIDE 32

(Raffel, 2017)

GANs for domain adaptation

(Bousmalis et al., 2016)

SLIDE 33

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 34

(Goodfellow 2017)

Adversarially Learned Fair Representations

  • Edwards and Storkey 2015
  • Learn representations that are useful for classification
  • An adversary tries to recover a sensitive variable S from the representation. Primary learner tries to make S impossible to recover
  • Final decision does not depend on S

SLIDE 35

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 36

(Goodfellow 2017)

How do machine learning models work?

Interpretability literature (Selvaraju et al., 2016): our analysis tools show that deep nets work about how you would expect them to.

Adversarial ML literature (Goodfellow et al., 2014): ML models are very easy to fool and even linear models work in counter-intuitive ways.

SLIDE 37

(Goodfellow 2017)

A Cambrian Explosion of Machine Learning Research Topics


SLIDE 38

(Goodfellow 2017)

Adversarial Examples that Fool both Human and Computer Vision

(Gamaleldin et al., 2018)

SLIDE 39

(Goodfellow 2018)

Questions