adversarial training and provable defenses bridging the
play

Adversarial Training and Provable Defenses: Bridging the Gap S 0 - PowerPoint PPT Presentation

Nov 11, 2022 •274 likes •459 views

Adversarial Training and Provable Defenses: Bridging the Gap S 0 1 1 = 1 2 3 Conv + ReLU Conv + ReLU Linear =

  1. Adversarial Training and Provable Defenses: Bridging the Gap

  2. 𝑀 ∞

  3. 𝑦 S 0 𝑦 𝑙 ∘ ℎ 𝜄 𝑙−1 ∘ ⋯ ∘ ℎ 𝜄 1 ℎ 𝜄 = ℎ 𝜄 1 2 3 ℎ 𝜄 ℎ 𝜄 ℎ 𝜄 Conv + ReLU Conv + ReLU Linear ′ = ℎ 𝜄 (𝑦′) 𝑦 ′ ∈ 𝑇 0 (𝑦) ′ ′ 𝑦 1 𝑦 3 𝑦 2

  4. 𝑑 𝑈 ℎ 𝜄 𝑦 ′ + 𝑒 < 0, ∀𝑦 ′ ∈ 𝑇 0 (𝑦) 1 2 3 ℎ 𝜄 ℎ 𝜄 ℎ 𝜄 Conv + ReLU Conv + ReLU Linear ′ = ℎ 𝜄 (𝑦′) 𝑦 ′ ∈ 𝑇 0 (𝑦) ′ ′ 𝑦 1 𝑦 3 𝑦 2

  5. 1 2 3 ℎ 𝜄 ℎ 𝜄 ℎ 𝜄 Conv + ReLU Conv + ReLU Check output condition: Linear ′ + 𝑒 < 0, ∀𝑦 3 ′ ∈ 𝐷 3 𝑦 𝑑 𝑈 𝑦 3 𝐷 0 𝑦 = 𝑇 0 (𝑦) 𝐷 1 𝑦 𝐷 2 𝑦 𝐷 3 𝑦 Guarantees: 𝑑 𝑈 ℎ 𝜄 𝑦 ′ + 𝑒 < 0, ∀𝑦 ′ ∈ 𝑇 0 (𝑦)

  6. ℒ 𝑦 ′ ∈𝑇 0 (𝑦) ℒ(ℎ 𝜄 𝑦 ′ , 𝑧) min 𝜄 𝐹 𝑦,𝑧 ~𝐸 max lower upper

  7. upper • • lower • • • •

  8. 1 2 3 ℎ 𝜄 ℎ 𝜄 ℎ 𝜄 ′ ′ ′ 𝑦 1 𝑦 2 𝑦 3 ′ 𝑦 2 ′ 𝑦 3 ′ 𝑦 1 𝐷 0 𝑦 = 𝑇 0 (𝑦) 𝐷 1 𝑦 𝐷 2 𝑦 𝐷 3 𝑦 ′ + 𝑒 < 0 → certification fails 𝑑 𝑈 𝑦 3

  9. 𝑇 0 (𝑦) 𝐷 1 𝑦 , 𝐷 2 𝑦 , 𝐷 3 (𝑦)

  10. 2 1 3 ℎ 𝜄 ℎ 𝜄 ℎ 𝜄 Conv + ReLU Conv + ReLU ′ ′ 𝑦 2 𝑦 1 Linear ′ , 𝑧) ℒ(𝑦 3 ′ , 𝑧) 𝛼 𝜄 ℒ(𝑦 3 ′ 𝑦 2 ′ 𝑦 3 ′ 𝑦 1 𝐷 0 𝑦 = 𝑇 0 (𝑦) 𝐷 1 𝑦 𝐷 2 𝑦 𝐷 3 𝑦

  12. projection

  13. 𝐷 𝑚 𝑦 = 𝑏 𝑚 + 𝐵 𝑚 𝑓 𝑓 ∈ −1, 1 𝑛 𝑚 𝑏 𝑚 𝐵 𝑚 𝑀 ∞ 𝜗 𝑏 0 = 𝑦 𝐵 0 = 𝜗𝐽

  14. Key idea 𝑦 ′ = 𝑏 𝑚 + 𝐵 𝑚 𝑓 ′ 𝑦 1 𝑓 1 ′ 𝑓 2 𝑦 2 ′ ≔ 2𝑓 1 − 𝑓 2 𝑦 1 ′ ≔ 𝑓 1 + 𝑓 2 𝑦 2

  15. Method Accuracy (%) Certified Robustness (%)

  16. Method Accuracy (%) Certified Robustness (%)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico Kolter (this lecture) and Ariel Procaccia Carnegie Mellon University Spring 2018 Portions base upon joint work with Eric Wong 1 Outline Adverarial

710 views • 39 slides
Ensemble Adversarial Training A1acks and Defenses Cybersecurity With The Best October 15 th 2017

Ensemble Adversarial Training A1acks and Defenses Cybersecurity With The Best October 15 th 2017

Ensemble Adversarial Training A1acks and Defenses Cybersecurity With The Best October 15 th 2017 Florian Tramr Stanford Joint work with Alexey Kurakin (Google Brain) Nicolas Papernot (PSU) Dan Boneh (Stanford) Patrick McDaniel (PSU)

723 views • 24 slides
Ensemble Adversarial Training A1acks and Defenses Facebook December 15 th 2017 Florian Tramr

Ensemble Adversarial Training A1acks and Defenses Facebook December 15 th 2017 Florian Tramr

Ensemble Adversarial Training A1acks and Defenses Facebook December 15 th 2017 Florian Tramr Stanford Joint work with Alexey Kurakin (Google Brain) Nicolas Papernot (PSU) Ian Goodfellow (Google Brain) Dan Boneh (Stanford) Patrick

1.14k views • 23 slides
On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th , 2020 Joint work with Nicholas Carlini, Wieland Brendel and Aleksander Madry What Are Adversarial Examples? 88% Tabby Cat 99% Guacamole Biggio

360 views • 21 slides
Transferable Adversarial Examples: Insights, A9acks &amp; Defenses June 12 th 2017 Florian

Transferable Adversarial Examples: Insights, A9acks &amp; Defenses June 12 th 2017 Florian

Transferable Adversarial Examples: Insights, A9acks &amp; Defenses June 12 th 2017 Florian Tramr Joint work with Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh &amp; Patrick McDaniel Adversarial Examples Threat Model: White-Box

480 views • 27 slides
The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop 2019-05-06 New Orleans Based on https://arxiv.org/pdf/1903.06293.pdf Definition Adversarial examples are inputs to machine learning models that

411 views • 22 slides
Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning Stronger Jingfeng Zhang 1 * , Xilie Xu 2* , Bo Han 34 , Gang Niu 4 , Lichen Cui 5 , Masashi Sugiyama 46 , and Mohan Kankanhalli 1 1 Department of Computer

376 views • 14 slides
Efficient Defenses Against Adversarial Examples for Deep Neural Networks Valentina Zantedeschi

Efficient Defenses Against Adversarial Examples for Deep Neural Networks Valentina Zantedeschi

Efficient Defenses Against Adversarial Examples for Deep Neural Networks Valentina Zantedeschi Irina Nicolae Ambrish Rawat @vzantedesc @ririnicolae @ambrishrawat Jean Monnet University IBM Research AI GreHack #5 November 17, 2017

483 views • 37 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

540 views • 50 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

1.13k views • 67 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for

A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for

Adversarial Training for MCMC Shengjia Zhao Stefano Ermon March 7, 2018 Stanford University A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for Markov Chains 4. Adversarial Training for MCMC 5.

851 views • 58 slides
Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas

Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas

Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas Carlini Google Research Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Lessons Learned from Evaluating the

1.28k views • 127 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias Hein, Bernt Schiele 2-Minute Overview Problem: Robustness to various adversarial examples. Adversarial training on L adversarial examples:

635 views • 34 slides
CS 225 Data Structures Au August 26 Cl Classes es and Ref efer eren ence ce Variables

CS 225 Data Structures Au August 26 Cl Classes es and Ref efer eren ence ce Variables

CS 225 Data Structures Au August 26 Cl Classes es and Ref efer eren ence ce Variables es G G Carl Evans St Stream Ru Rules TL;DR: Treat the stream like a classroom, don't say anything that would send you to the Dean of Students.

573 views • 22 slides
timelines at scale @ra ffi qcon sf 2012 Pull Push Targeted twitter.com User / Site Streams

timelines at scale @ra ffi qcon sf 2012 Pull Push Targeted twitter.com User / Site Streams

timelines at scale @ra ffi qcon sf 2012 Pull Push Targeted twitter.com User / Site Streams home_timeline API Mobile Push (SMS, etc.) Queried Search API Track / Follow Streams the challenge &gt; 150M world wide active users &gt; 300K

706 views • 42 slides
Lecture 3.3: Normal subgroups Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 3.3: Normal subgroups Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 3.3: Normal subgroups Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 3.3: Normal subgroups Math 4120, Modern

362 views • 7 slides
aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h

aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h

Review of Leture 12 Cho osing a regula rizer Regula rization aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h N ( h ) E most used: w eight dea y onst. in = ( h )

357 views • 23 slides
AND USING C MODULES CSSE 120 Rose Hulman Institute of Technology Preamble: #define and typedef

AND USING C MODULES CSSE 120 Rose Hulman Institute of Technology Preamble: #define and typedef

STRUCTS, TYPEDEF, #DEFINE, AND USING C MODULES CSSE 120 Rose Hulman Institute of Technology Preamble: #define and typedef C allows us to define our own constants and type names to help make code more readable For more info, see Kochan,

584 views • 29 slides
Controllable Invariance through Adversarial Feature Learning Qizhe Xie, Zihang Dai, Yulun Du,

Controllable Invariance through Adversarial Feature Learning Qizhe Xie, Zihang Dai, Yulun Du,

Controllable Invariance through Adversarial Feature Learning Qizhe Xie, Zihang Dai, Yulun Du, Eduard Hovy, Graham Neubig Carnegie Mellon University Language Technologies Institute NIPS 2017 Outline Introduction Introduction Adversarial

308 views • 11 slides
H H H Resonance Draw the Lewis structure for nitromethane, CH 3 NO 2 - . . .. . H . . H

H H H Resonance Draw the Lewis structure for nitromethane, CH 3 NO 2 - . . .. . H . . H

Resonance Draw the Lewis structure of [CH 2 =CHCH 2 ] + H H H H H H . C C C C C C + + . + H C H H C H H C H H H H H H H H H H + + C C H C C H C C H H H H C C + C H H H Resonance Draw the Lewis

337 views • 12 slides
Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for

Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for

Logic as a Tool Chapter 2: Deductive Reasoning in Propositional Logic 2.2 Axiomatic systems for propositional logics Valentin Goranko Stockholm University October 2016 Goranko Hilbert-style axiomatic systems Based on axioms (or, axiom

115 views • 10 slides

More recommend