how clever is is your neural network
play

How CLEVER is is your neural network? Robustness evaluation against - PowerPoint PPT Presentation

Nov 06, 2023 •488 likes •852 views

How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu Chen IBM Research AI OReilly AI Conference @ London 2018 IBM Research AI Label it! IBM Research AI Label it! AI model says: ostrich IBM

  1. How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu Chen IBM Research AI O’Reilly AI Conference @ London 2018 IBM Research AI

  2. Label it! IBM Research AI

  3. Label it! AI model says: ostrich IBM Research AI

  4. How about this one? IBM Research AI

  5. Surprisingly, AI model says: shoe shop IBM Research AI

  6. What is wrong with this AI model? - This model is one of the BEST image classifier using neural networks EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples, P.-Y. Chen*, Y. Sharma*, H. Zhang, J. Yi, and C-.J. Hsieh, AAAI 2018 IBM Research AI

  7. Adversarial examples: the evil doublegangers source: Google Images IBM Research AI

  8. Why do adversarial examples matter? - Adversarial attacks on an AI model deployed at test time (aka evasion attacks) IBM Research AI

  9. Adversarial examples in different domains • Images • Videos • Texts • Speech/Audio AI model • Data analysis • Electronic health records • Malware • Online social network • and many others IBM Research AI

  10. Adversarial examples in image captioning AI model Input: image Output: caption Show and Tell: Lessons Learned from the 2015 MSCOCO Image Captioning Challenge, Oriol Vinyals, AlexanderToshev, Samy Bengio, and Dumitru Erhan, T-PAMI 2017 Attacking Visual Language Grounding with Adversarial Examples: A Case Study on Neural Image Captioning, Hongge Chen*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi, and Cho-Jui Hsieh, ACL 2018 IBM Research AI

  11. Adversarial examples in speech recognition without the dataset the article is useless AI model What did your hear? Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, Nicholas Carlini and David Wagner, Deep Learning and Security Workshop 2018 IBM Research AI

  12. Adversarial examples in speech recognition without the dataset the article is useless AI model What did your hear? okay google browse to evil.com Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, Nicholas Carlini and David Wagner, Deep Learning and Security Workshop 2018 IBM Research AI

  13. Adversarial examples in data regression Data Model Analysis Factor identification Is Ordered Weighted $\ell_1$ Regularized Regression Robust to Adversarial Perturbation? A Case Study on OSCAR, Pin-Yu Chen*, Bhanukiran Vinzamuri*, and Sijia Liu, GlobalSIP 2018 IBM Research AI

  14. Adversarial examples in physical world • Real-time traffic sign detector • 3D-printed adversarial turtle • Adversarial eye glasses IBM Research AI

  15. Adversarial examples in physical world (1) • Real-time traffic sign detector IBM Research AI

  16. Adversarial examples in physical world (2) • 3D-printed adversarial turtle IBM Research AI

  17. Adversarial examples in physical world (3) • Adversarial eye glasses that fool face detector • Adversarial sticker IBM Research AI

  18. Adversarial examples in black-box models • White-box setting : adversary knows everything about your model • Black-box setting: craft adversarial examples with limited knowledge about the target model Black-box attack via iterative model query (ZOO) ❖ Unknown training procedure/data/model ❖ Unknown output classes ❖ Unknown model confidence Image AI/ML system Prediction Targeted black-box attack on Google Cloud Vision ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models, P.-Y. Chen*, H. Zhang*, Y. Sharma, J. Yi, and C.-J. Hsieh, AI-Security 2017 Black-box Adversarial Attacks with Limited Queries and Information, Andrew Ilyas*, Logan Engstrom*, Anish Athalye*, and Jessy Lin*, ICML 2018 Source: https://www.labsix.org/partial-information-adversarial-examples/ IBM Research AI

  19. Growing concerns about safety-critical settings with AI Autonomous cars that deploy AI model for traffic signs recognition Source: Paishun Ting IBM Research AI

  20. But with adversarial examples… IBM Research AI Source: Paishun Ting

  21. Where do adversarial examples come from? - What is the common theme of adversarial examples in different domains? IBM Research AI

  22. Neural Networks: The Engine for Deep Learning • Applications of neural networks outcome (prediction) neural network ❑ Image processing and understanding ❑ Object detection/classification ❑ Chatbot, Q&A ❑ Machine translation 2% (traffic light) ❑ Speech recognition ❑ Game playing 90% (French bulldog) ❑ Robotics 3% (basketball) ❑ Bioinformatics ❑ Creativity 5% (bagel) ❑ Drug discovery ❑ Reasoning ❑ And still a long list… input task trainable neurons; Source: Paishun Ting usually large and deep IBM Research AI

  23. The ImageNet Accuracy Revolution and Arms Race Geoffrey Hinton Beyond human performance What’s Next? Source: http://image-net.org/challenges/talks_2017/imagenet_ilsvrc2017_v1.0.pdf Source: https://qz.com/1034972/the-data-that-changed-the-direction-of-ai-research-and-possibly-the-world/ IBM Research AI

  24. Accuracy ≠ Adversarial Robustness • Solely pursuing for high- accuracy AI model may get us in trouble… Our benchmark on 18 ImageNet models reveals a tradeoff in accuracy and robustness Robustness Accuracy Is Robustness the Cost of Accuracy? A Comprehensive Study on the Robustness of 18 Deep Image Classification Models, Dong Su*, Huan Zhang*, Hongge Chen, Jinfeng Yi, Pin-Yu Chen, and Yupeng Gao, ECCV 2018 IBM Research AI

  25. How can we measure and improve adversarial robustness of my AI/ML model? An explanation of origins of adversarial examples The CLRVER score for robustness evaluation IBM Research AI

  26. Learning to classify is all about drawing a line Classified as Labeled datasets Classified as Decision boundary w/ 100% accuracy Decision boundary w/ <100% accuracy Source: Paishun Ting IBM Research AI

  27. Connecting adversarial examples to model robustness Classified as Classified as • Robustness evaluation: how close a refence input is to the (closest) decision boundary IBM Research AI Source:Paishun-Ting, Tsui-Wei Weng

  28. Robustness evaluation is NOT easy • We still don’t fully understand how neural nets learn to predict Labeled ❑ calling for interpretable AI datasets • Training data could be noisy and biased ❑ calling for robust and fair AI • Neural network architecture could be redundant and leading to vulnerable spots ❑ calling for efficient and secure AI model • Need for human-like machine perception and understanding ❑ calling for bio-inspired AI model • Attacks can also benefit and improve upon the progress in AI ❑ calling for attack-independent evaluation IBM Research AI

  29. How do we evaluate adversarial robustness? • Game-based approach • Verification-based approach ❑ Specify a set of players (attacks and defenses) ❑ Attack-independent: does not use attacks for evaluation ❑ Benchmark the performance against each attacker-defender pair ❑ Can provide a robustness certificate o The metric/rank could be exploited; for safety-critical or reliability- No guarantee on unseen sensitive applications: e.g., no attacks can alter the decision of the AI model threats and future attacks if the attack strength is limited Optimal verification is provably difficult for large neural nets – computationally impractical - Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks, Guy Katz, Clark Barrett, David Dill, Kyle Julian, Mykel Kochenderfer, CAV 2017 IBM Research AI - Efficient Neural Network Robustness Certification with General Activation Functions, Huan Zhang*, Tsui-Wei Weng*, Pin-Yu Chen, Cho-Jui Hsieh, and Luca Daniel, NIPS 2018

  30. CLEVER: a tale of two approaches • An attack-independent, model-agnostic robustness metric that is efficient to ≈ CLEVER score compute • Derived from theoretical robustness analysis for verification of neural networks: Cross Lipschitz Extreme Value for nEtwork Robustness • Use of extreme value theory for efficient estimation of minimum distortion • Scalable to large neural networks input-output perturbation • Open-source codes: analysis of https://github.com/IBM/CLEVER-Robustness-Score neural net Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach, Tsui-Wei Weng*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi, Dong Su, Yupeng Guo, Cho-Jui Hsieh, and Luca Daniel, ICLR 2018 On Extensions of CLEVER: a Neural Network Robustness Evaluation Algorithm, Tsui-Wei Weng*, Huan Zhang*, Pin-Yu Chen, Aurelie Lozano, Cho-Jui Hsieh, and Luca Daniel, GlobalSIP 2018 IBM Research AI

  31. How do we use CLEVER? Other use cases Before-After robustness comparison • Will my model become more • Characterize the behaviors and properties of adversarial examples robust if I do/use X ? • Hyperparameter selection for CLEVER adversarial attacks and defenses score Original • Reward-driven model robustness model Same set of improvement data for do/use X robustness evaluation Robustne CLEVER Modified ss score model Accuracy IBM Research AI

  32. Examples of CLEVER • CLEVER enables robustness comparison between different ❑ Threat models ❑ Datasets ❑ Neural network architectures ❑ Defense mechanisms IBM Research AI

  33. Where to Find CLEVER? It’s ART IBM Research AI Also available at https://github.com/IBM/CLEVER-Robustness-Score

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Man is special Some animals are very clever but none of them can compare with man. Clever

Man is special Some animals are very clever but none of them can compare with man. Clever

Man is special Some animals are very clever but none of them can compare with man. Clever animals Using tools Koko the gorilla Koko is very intelligent. She: learned sign language asked (signed) for and got a pet kitten was very

314 views • 13 slides
Neural Information Retrieval Wassila Lalouani 1 Plan Neural network architectures Neural

Neural Information Retrieval Wassila Lalouani 1 Plan Neural network architectures Neural

Neural Information Retrieval Wassila Lalouani 1 Plan Neural network architectures Neural IR tasks Neural IR architecture Feature Representations Neural IR query auto completion Neural IR query suggestion Neural IR document

1.48k views • 18 slides
Artificial Neural Networks By: Kodi Neumiller Overview What is an artificial neural network

Artificial Neural Networks By: Kodi Neumiller Overview What is an artificial neural network

Artificial Neural Networks By: Kodi Neumiller Overview What is an artificial neural network Perceptron Feed forward Backpropagation Learning rate/momentum What is a neural network? Artificial Human Neurons Each

888 views • 12 slides
MULTILAYER NEURAL NETWORKS Jeff Robble, Brian Renzenbrink, Doug Roberts Multilayer Neural

MULTILAYER NEURAL NETWORKS Jeff Robble, Brian Renzenbrink, Doug Roberts Multilayer Neural

MULTILAYER NEURAL NETWORKS Jeff Robble, Brian Renzenbrink, Doug Roberts Multilayer Neural Networks We learned in Chapter 5 that clever choices of nonlinear functions we can obtain arbitrary decision boundaries that lead to minimum error.

900 views • 37 slides
Same, Same But Different Recovering Neural Network Quantization Error Through Weight

Same, Same But Different Recovering Neural Network Quantization Error Through Weight

Same, Same But Different Recovering Neural Network Quantization Error Through Weight Factorization Eldad Meller ICML 2019 Neural Network Quantization Quantization of Neural Networks is needed for efficient inference Quantization adds

482 views • 9 slides
Deep Learning Primer Nishith Khandwala Neural Networks Overview Neural Network Basics

Deep Learning Primer Nishith Khandwala Neural Networks Overview Neural Network Basics

Deep Learning Primer Nishith Khandwala Neural Networks Overview Neural Network Basics Activation Functions Stochastic Gradient Descent (SGD) Regularization (Dropout) Training Tips and Tricks Neural Network (NN)

828 views • 45 slides
Graph Neural Network Fang Yuanqiang, 2019/05/18 Graph Neural Network Why GNN? Preliminary

Graph Neural Network Fang Yuanqiang, 2019/05/18 Graph Neural Network Why GNN? Preliminary

Graph Neural Network Fang Yuanqiang, 2019/05/18 Graph Neural Network Why GNN? Preliminary Fixed graph Vanilla Spectral Graph ConvNets ChebyNet GCN CayleyNet Multiple graphs Variable graph

817 views • 46 slides
Neural network applications ALVINN (Pomerleau, mid 1990s) Autonomous Land Vehicle in Neural

Neural network applications ALVINN (Pomerleau, mid 1990s) Autonomous Land Vehicle in Neural

Neural network applications ALVINN (Pomerleau, mid 1990s) Autonomous Land Vehicle in Neural Network To date: Sharp Straight Sharp Left Ahead Right Neural networks: what are they 30 Output Units Backpropagation: efficient

346 views • 15 slides
Neural Networks for Machine Learning Lecture 2a An overview of the main types of neural network

Neural Networks for Machine Learning Lecture 2a An overview of the main types of neural network

Neural Networks for Machine Learning Lecture 2a An overview of the main types of neural network architecture Geoffrey Hinton with Nitish Srivastava Kevin Swersky Feed-forward neural networks These are the commonest type of neural

534 views • 32 slides
Similarity of Neural Network Representations Revisited Simon Kornblith, Mohammad Norouzi,

Similarity of Neural Network Representations Revisited Simon Kornblith, Mohammad Norouzi,

Similarity of Neural Network Representations Revisited Simon Kornblith, Mohammad Norouzi, Honglak Lee, Geofgrey Hinton Motivation We need tools to understand trained neural networks Neural network training involves interactions between an

588 views • 16 slides
Lecture 2: Deeper Neural Network 1 Objective In the second lecture, you will see How to

Lecture 2: Deeper Neural Network 1 Objective In the second lecture, you will see How to

Lecture 2: Deeper Neural Network 1 Objective In the second lecture, you will see How to deepen your neural network to learn more complex functions Several techniques to fasten your learning process The most popular artificial

423 views • 40 slides
Neural network architectures for image captioning By Emily Kern Given a set of images and

Neural network architectures for image captioning By Emily Kern Given a set of images and

Neural network architectures for image captioning By Emily Kern Given a set of images and accompanying human-generated captions, can we train a neural network to predict captions for new images? What is a neural network? A computer system

523 views • 16 slides
Unsupervised clustering with growing self-organizing neural network A comparison with non-neural

Unsupervised clustering with growing self-organizing neural network A comparison with non-neural

Unsupervised clustering with growing self-organizing neural network A comparison with non-neural approach Martin Hynar, Michal Burda, Jana Sarmanov a Department of Computer Science, V SB Technical University of Ostrava, 17.

473 views • 24 slides
Propagating Error Backward Hyperparameters for Neural Networks } Multi-layer (deep) neural

Propagating Error Backward Hyperparameters for Neural Networks } Multi-layer (deep) neural

Learning in Neural Networks w 1,3 w 3,5 1 3 5 w w 1,4 3,6 w w 2,3 4,5 2 4 6 w w 2,4 4,6 Class #18: Back-Propagation; } A neural network can learn a classification function by Tuning Hyper-Parameters adjusting its weights to

259 views • 4 slides
A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT A Neural Network Architecture

A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT A Neural Network Architecture

A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT Morpho-Syntac-c features outperform word embeddings on this task Syntac-c n-grams improve the

1.18k views • 38 slides
Human-Robot Interaction: Language Acquisition with Neural Network Alvin Rindra Fazrie 09.11.2015

Human-Robot Interaction: Language Acquisition with Neural Network Alvin Rindra Fazrie 09.11.2015

Human-Robot Interaction: Language Acquisition with Neural Network Alvin Rindra Fazrie 09.11.2015 1 Outline Motivation Basics and Definitions - Natural Language Processing - Neural Network Neural Network Architecture - Single

242 views • 12 slides
Extreme precipitation event analysis based on GCM daily data Wei Ye International Global Change

Extreme precipitation event analysis based on GCM daily data Wei Ye International Global Change

Extreme precipitation event analysis based on GCM daily data Wei Ye International Global Change Centre Introduction Extreme weather events such as heavy rainfall can be serious treat agriculture production, infrastructure and peoples life;

624 views • 19 slides
Content Comparison of two nearness-to- collision surrogate indicators at a Problem statement

Content Comparison of two nearness-to- collision surrogate indicators at a Problem statement

Content Comparison of two nearness-to- collision surrogate indicators at a Problem statement signalized intersection in Minsk Literature review Surrogate measures of safety using Extreme Value Theory Application of EVT

457 views • 6 slides
Verification of extremes using proper scoring rules and extreme value theory Maxime Taillardat 1 ,

Verification of extremes using proper scoring rules and extreme value theory Maxime Taillardat 1 ,

Verification of extremes using proper scoring rules and extreme value theory Maxime Taillardat 1 , 2 , 3 A-L. Fougres 3 , . Naveau 2 and P O. Mestre 1 1CNRM/Mto-France 2LSCE 3ICJ May 8, 2017 Introduction Weighted CRPS EVT and CRPS

672 views • 31 slides
Salary Equity Committee FY17 FACULTY SALARY EQUITY STUDY Process, Findings and Recommendations

Salary Equity Committee FY17 FACULTY SALARY EQUITY STUDY Process, Findings and Recommendations

Salary Equity Committee FY17 FACULTY SALARY EQUITY STUDY Process, Findings and Recommendations for Moving Forward Salary Equity Committee - Presenters Diana Prieto Chair, Salary Equity Committee Executive Director, Human Resources and Equal

412 views • 26 slides
Investigation of Crouzeixs Conjecture via Nonsmooth Optimization Michael L. Overton Courant

Investigation of Crouzeixs Conjecture via Nonsmooth Optimization Michael L. Overton Courant

Investigation of Crouzeixs Conjecture via Nonsmooth Optimization Michael L. Overton Courant Institute of Mathematical Sciences New York University Joint work with Anne Greenbaum, University of Washington and Adrian Lewis, Cornell Workshop

1.65k views • 132 slides
Part1: Full factorial designs for 2-level factors Prepared by: Paul Funkenbusch, Department of

Part1: Full factorial designs for 2-level factors Prepared by: Paul Funkenbusch, Department of

Part1: Full factorial designs for 2-level factors Prepared by: Paul Funkenbusch, Department of Mechanical Engineering, University of Rochester Terminology Experiment Model relationship Full factorial experiments Interactions

298 views • 26 slides
Chris Parkin, MS Carmel Indiana Carmel, Indiana Argument The Art The Art of the Who has done

Chris Parkin, MS Carmel Indiana Carmel, Indiana Argument The Art The Art of the Who has done

Chris Parkin, MS Carmel Indiana Carmel, Indiana Argument The Art The Art of the Who has done a Who has done a presentation before? Who has seen a presentation before? Who knows someone who has seen a presentation before? before?

1.19k views • 76 slides
2019-2020 State Work Release Expansion WELCOME AND INTRODUCTIONS MIKE SCHINDLER Establishing

2019-2020 State Work Release Expansion WELCOME AND INTRODUCTIONS MIKE SCHINDLER Establishing

2019-2020 State Work Release Expansion WELCOME AND INTRODUCTIONS MIKE SCHINDLER Establishing Effective Meeting Protocols Welcome Who am I The role of the facilitator Why we asked you to attend / Local Advisory Committee (LAC)

671 views • 19 slides

More recommend