on the adversarial robustness of uncertainty aware deep
play

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL - PowerPoint PPT Presentation

Jan 16, 2024 •860 likes •1.14k views

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ?

  1. ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH

  2. QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ? 4/29/2019 Ali Harakeh 2

  3. ADVERSARIAL ROBUSTNESS

  4. HOW GOOD IS YOUR NEURAL NETWORK ? • Neural networks are not robust to input perturbations. • Example: Carlini and Wagner Attack on MNIST 3 1 2 0 4/29/2019 Ali Harakeh 4

  5. ADVERSARIAL PERTURBATIONS X 0 X a X b Decision Boundary 1 Decision Boundary 3 Ostrich Vacuum Shoe Minimum Perturbation X a X 0 X b Decision Boundary 2 4/29/2019 Ali Harakeh 5

  6. UNCERTAINTY IN DNNS

  7. SOURCES OF UNCERTAINTY IN DNNS • Two sources of uncertainty exist in DNNs. • Epistemic (Model) Uncertainty: Captures the ignorance about which model generated our data. • Aleatoric (Observation) Uncertainty: Captures the inherent noise in the observations. Original Image Epsitemic Uncertainty Aleatoric Uncertainty 4/29/2019 Ali Harakeh 7

  8. CAPTURING EPISTEMIC UNCERTAINTY • Marginalizing over neural network parameters: Conv3-64 Conv3-64 Conv3-64 Soft Max FC-10 4/29/2019 Ali Harakeh 8

  9. CHANGE IN DECISION BOUNDARIES X 0 X a X b Decision Boundary 1 Decision Boundary 3 Ostrich Vacuum Shoe X a X 0 X b Decision Boundary 2 4/29/2019 Ali Harakeh 9

  10. CAPTURING ALEATORIC UNCERTAINTY • Heteroscedastic variance estimation: Conv3-64 Conv3-64 Conv3-64 Soft Max FC-10 4/29/2019 Ali Harakeh 10

  11. CHANGE IN DATA POINT X 0 X a X b Decision Boundary 1 Decision Boundary 3 Ostrich Vacuum Shoe X a X 0 X b Decision Boundary 2 4/29/2019 Ali Harakeh 11

  12. METHODOLOGY

  13. 13 Soft Max Soft Max Average Pool FC-10 Conv3-10 Conv3-64 Average Pool Conv3-64 Conv3-64 NEURAL NETWORKS AND DATASETS Conv3-64 Ali Harakeh Conv3-64 ConvNet On CIFAR10 ConvNet On MNIST 4/29/2019

  14. 14 Soft Max Soft Max Average Pool FC-10 Dropout Conv3-10 Conv3-64 Average Pool Dropout EPISTEMIC UNCERTAINTY: AN APPROXIMATION Dropout Conv3-64 Conv3-64 Dropout Dropout Conv3-64 Ali Harakeh Conv3-64 ConvNet On CIFAR10 ConvNet On MNIST 4/29/2019

  15. 15 Soft Max Soft Max Sampler Sampler Average Pool Average Pool FC-10 FC-10 Conv3-10 Conv3-10 Conv3-64 Average Pool Conv3-64 Conv3-64 Conv3-64 Conv3-64 ALEATORIC UNCERTAINTY ESTIMATION Ali Harakeh ConvNet On CIFAR10 ConvNet On MNIST 4/29/2019

  16. GENERATING ADVERSARIAL PERTURBATIONS • Use Cleverhans: https://github.com/tensorflow/cleverhans • Adversarial Attacks: Fast Gradient Sign Method (FGSM): Goodfellow et. Al. 1. Jacobian- Based Saliency Map Attacks (JSMA): Paparnot et. Al. 2. Carlini and Wagner Attacks : Carlini et. Al. 3. Black Box Attack : Papernot et. Al. 4. 4/29/2019 Ali Harakeh 16

  17. RESULTS

  18. RESULTS 4/29/2019 Ali Harakeh 18

  19. EPISTEMIC UNCERTAINTY ESTIMATION 4/29/2019 Ali Harakeh 19

  20. ALEATORIC UNCERTAINTY ESTIMATION 4/29/2019 Ali Harakeh 20

  21. BLACK BOX ATTACK 4/29/2019 Ali Harakeh 21

  22. MC-DROPOUT APPROXIMATION 4/29/2019 Ali Harakeh 22

  23. CONCLUSION

  24. QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ? 4/29/2019 Ali Harakeh 24

  25. ANSWER(S) • Adversarial perturbations cannot be distinguished as input noise through aleatoric uncertainty estimation. • Epistemic uncertainty estimation, manifested as Bayesian Neural Networks might be robust to adversarial attacks. • Results inconclusive, due to the lack of mathematical bounds on the approximation through ensembles and MC-Dropout. • Sufficient Conditions for Robustness to Adversarial Examples: a Theoretical and Empirical Study with Bayesian Neural Network. • https://openreview.net/forum?id=B1eZRiC9YX 4/29/2019 Ali Harakeh 25

  26. CONCLUSION • There is no easy way out of using robustness certification to guarantee safety of deep neural networks. • Even then, the mode of action of a specific type of adversarial attack needs to be taken into consideration. • Research Question : How to certify against black box attacks? 4/29/2019 Ali Harakeh 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000

1.2k views • 60 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Bayesian Deep Learning Barcelona, 2016-12-10 Speculation on Three Topics Can we

769 views • 21 slides
Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and

Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and

Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and Interpretability Zhanxing Zhu School of Mathematical Sciences, Peking University zhanxing.zhu@pku.edu.cn

1.02k views • 66 slides
Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Uncertainty-Aware Food Recognition by Deep Learning Petia Radeva, Collaboration with: Eduardo

Uncertainty-Aware Food Recognition by Deep Learning Petia Radeva, Collaboration with: Eduardo

Uncertainty-Aware Food Recognition by Deep Learning Petia Radeva, Collaboration with: Eduardo Aguilar, Marc Bolaos University of Barcelona & Computer Vision Center radevap@gmail.com 11:01 The Diabetes pandemy Diabetic people need to

907 views • 51 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Preliminaries on adversarial robustness Classifier-dependent lower bounds Universal lower bounds Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis Dohmatob Limits on Robustness to Adversarial

763 views • 74 slides
Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

ICML 2020 Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch, martin.vechev@inf.ethz.ch Department of Computer Science 1 Adversarial Robustness panda gibbon Vision + = Explaining and Harnessing

429 views • 32 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld Zico Kolter Carnegie Mellon University Introduction We study a certified adversarial defense in " norm which scales to ImageNet

1.5k views • 12 slides
On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian Etmann , 1 , 3 , Sebastian Lunz , 2 , Peter Maass 1 , Carola-Bibiane Sch onlieb 2 13th June, 2019 1: ZeTeM, University of Bremen, 2: Cambridge

673 views • 19 slides
Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann Department of Informatics Technical University of Munich 28.10.2019 Adversarial Robustness of Machine Learning Models for Graphs S. Gnnemann Can you

669 views • 27 slides
Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml Tutorial website: @zicokolter @aleks_madry adversarial-ml-tutorial.org Machine Learning: The Success Story Image classification Reinforcement Learning

528 views • 49 slides
Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on Aligned Artificial Intelligence Many thanks to Catherine Olsson for feedback on drafts The Alignment Problem (This is now fixed. Dont try it!)

626 views • 30 slides
CPSC 490 Finale Heavy-Light Decomposition and Suffix Array Lucca Siaudzionis and Jack

CPSC 490 Finale Heavy-Light Decomposition and Suffix Array Lucca Siaudzionis and Jack

CPSC 490 Finale Heavy-Light Decomposition and Suffix Array Lucca Siaudzionis and Jack Spalding-Jamieson 2020/04/07 University of British Columbia Announcements firt Congrats on [basically] finishing the course! Last reminder that

693 views • 30 slides
Lecture 2: Terminology and Definitions Abhinav Bhatele, Department of Computer Science

Lecture 2: Terminology and Definitions Abhinav Bhatele, Department of Computer Science

Introduction to Parallel Computing (CMSC498X / CMSC818X) Lecture 2: Terminology and Definitions Abhinav Bhatele, Department of Computer Science Announcements Piazza space for the course is live. Sign up link:

413 views • 22 slides
Truth On The Web Ministries & A Church of God at Woodstock, IL WWW.TOTW.ORG When

Truth On The Web Ministries & A Church of God at Woodstock, IL WWW.TOTW.ORG When

Truth On The Web Ministries & A Church of God at Woodstock, IL WWW.TOTW.ORG When through fiery trials thy pathway shall lie, My grace, all sufficient, shall be thy supply: The flame shall not hurt thee; I only design Thy dross to

861 views • 60 slides
Life Never Ends RESOURCES George Anderson Lessons from the Light Michael Newton Journey

Life Never Ends RESOURCES George Anderson Lessons from the Light Michael Newton Journey

Life Never Ends RESOURCES George Anderson Lessons from the Light Michael Newton Journey of Souls; Memories of the Afterlife Eben Alexander MD Proof of Heaven Anita Moorjani Dying to Be Me Judith Orloff MD The Power of

800 views • 16 slides
A Two-Factor Error Model for Quantitative Steganalysis Security, Steganography and Watermarking

A Two-Factor Error Model for Quantitative Steganalysis Security, Steganography and Watermarking

A TWO-FACTOR ERROR MODEL FOR QUANTITATIVE STEGANALYSIS A Two-Factor Error Model for Quantitative Steganalysis Security, Steganography and Watermarking of Multimedia Contents SPIE 2006 San Jos California USA Rainer Bhme

574 views • 29 slides
Bayesian Multi-Fidelity Optimization under Uncertainty Phaedon S. Koutsourelakis Maximilian

Bayesian Multi-Fidelity Optimization under Uncertainty Phaedon S. Koutsourelakis Maximilian

Bayesian Multi-Fidelity Optimization under Uncertainty Phaedon S. Koutsourelakis Maximilian Koschade p.s.koutsourelakis@tum.de maximilian.koschade@tum.de Continuum Mechanics Group Department of Mechanical Engineering Technical University of

748 views • 35 slides
AASHTO SCOPM TASK FORCE WORKSHOP ON MAP-21 NATIONAL PERFORMANCE MEASURES TARGET-SETTING JUNE

AASHTO SCOPM TASK FORCE WORKSHOP ON MAP-21 NATIONAL PERFORMANCE MEASURES TARGET-SETTING JUNE

AASHTO SCOPM TASK FORCE WORKSHOP ON MAP-21 NATIONAL PERFORMANCE MEASURES TARGET-SETTING JUNE 13, 2013 AASHTO Hall of States Building, 444 North Capitol Street, NW, Room 383-385 Washington, DC Supported)by)the)NCHRP)20424)program) Workshop

355 views • 22 slides
Data driven tests for homoscedastic linear regression model Tadeusz Inglot and Teresa Ledwina

Data driven tests for homoscedastic linear regression model Tadeusz Inglot and Teresa Ledwina

Data driven tests for homoscedastic linear regression model Tadeusz Inglot and Teresa Ledwina Model and null hypothesis Z = ( X, Y ) random vector in [0 , 1] R, X, independent, distributions of X E f = 0 , = E f 2 (0 , ) ,

423 views • 5 slides

More recommend