reinforcing adversarial robustness using model confidence
play

Reinforcing Adversarial Robustness using Model Confidence Induced by - PowerPoint PPT Presentation

Mar 18, 2024 •641 likes •740 views

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

  1. Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial Training 1 / 9

  2. Entirely wrong behavior of confidence naturally trained neural network: Xi Wu Model Confidence and Adversarial Training 2 / 9 • Small perturbations can cause highly confident but wrong predictions. • An example from (Goodfellows, Shlens, and Szegedy, ICLR 2015), on a

  3. A betuer behavior give natural data manifolds) Xi Wu Model Confidence and Adversarial Training 3 / 9 • Low confidence if the model “does not learn/know it.” • An intuitively good model for classifying pandas and gibbons (disks

  4. Main contributions of this work data distribution. Xi Wu Model Confidence and Adversarial Training 4 / 9 • In a precise formal sense, adversarial training by (Madry et al., ICLR 2017) gives betuer behavior of model confidence for points near the • The betuer behavior of model confidence induced by adversarial training can be used to improve adversarial robustness.

  5. Defining good behaviors of confidence (1/2) Intuition : Confident predictions of difgerent classes should be well separated. Xi Wu Model Confidence and Adversarial Training 5 / 9 A bad ( x , y ) ∼ D with poor confidence separation:

  6. Pr Defining good behaviors of confidence (2/2) Xi Wu Model Confidence and Adversarial Training 6 / 9 • D : Data generating distribution; d ( · , · ) : A distance metric; p, q ∈ [0 , 1] , δ ≥ 0 . • Bad event (Neighborhood has p -confident wrong predictions): B = {∃ y ′ ̸ = y, x ′ ∈ N ( x , δ ) , F θ ( x ′ ) y ′ ≥ p } • F is said to have ( p, q, δ ) -separation if [ ] B ≤ q. ( x ,y ) ∼D

  7. Adversarial Training by Madry et al. max Model Confidence and Adversarial Training Xi Wu Theorem (Informal, this work) Adversarial training formulation of Madry et al.: 7 / 9 minimize ρ ( θ ) , [ ] where ρ ( θ ) = ∆ ∈S L ( θ, x + ∆ , y ) E , ( x ,y ) ∼D For a large family of loss functions L , models trained as above achieve good ( p, q, δ ) -separation, where as p → 1 , q → 0 .

  8. Empirical results (summary) confidence-based defenses (as well as gradient-masking efgect). baseline model of Madry et al. two neighbors with highest confidences. Xi Wu Model Confidence and Adversarial Training 8 / 9 • We generate high-confidence atuacks in order to bypass • Finding 1: Confidence of models trained using Madry et al.’s objective behave much betuer than their natural counterparts. • Finding 2: A simple “nearest neighbor search” based on confidence corrects 20 % ∼ 25 % targeted adversarial examples that fool the • Finding 3: For > 98 % of test instances, correct label can be found in

  9. Qvestions? Please come to our poster session if you want to know more details! Xi Wu Model Confidence and Adversarial Training 9 / 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias Hein, Bernt Schiele 2-Minute Overview Problem: Robustness to various adversarial examples. Adversarial training on L adversarial examples:

635 views • 34 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000

1.2k views • 60 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Beyond the Pixels: Exploring the Effect of Video File Corruptions on Model Robustness Trenton

Beyond the Pixels: Exploring the Effect of Video File Corruptions on Model Robustness Trenton

Beyond the Pixels: Exploring the Effect of Video File Corruptions on Model Robustness Trenton Chang Daniel Y. Fu Yixuan Li Christopher R Stanford University Workshop on Adversarial Robustness in the Real World, ECCV 2020

280 views • 13 slides
Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Bayesian Deep Learning Barcelona, 2016-12-10 Speculation on Three Topics Can we

769 views • 21 slides
Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Preliminaries on adversarial robustness Classifier-dependent lower bounds Universal lower bounds Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis Dohmatob Limits on Robustness to Adversarial

763 views • 74 slides
Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

ICML 2020 Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch, martin.vechev@inf.ethz.ch Department of Computer Science 1 Adversarial Robustness panda gibbon Vision + = Explaining and Harnessing

429 views • 32 slides
How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu

How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu

How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu Chen IBM Research AI OReilly AI Conference @ London 2018 IBM Research AI Label it! IBM Research AI Label it! AI model says: ostrich IBM

852 views • 36 slides
Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld Zico Kolter Carnegie Mellon University Introduction We study a certified adversarial defense in " norm which scales to ImageNet

1.5k views • 12 slides
On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian Etmann , 1 , 3 , Sebastian Lunz , 2 , Peter Maass 1 , Carola-Bibiane Sch onlieb 2 13th June, 2019 1: ZeTeM, University of Bremen, 2: Cambridge

673 views • 19 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann Department of Informatics Technical University of Munich 28.10.2019 Adversarial Robustness of Machine Learning Models for Graphs S. Gnnemann Can you

669 views • 27 slides
ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ?

1.14k views • 26 slides
Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml Tutorial website: @zicokolter @aleks_madry adversarial-ml-tutorial.org Machine Learning: The Success Story Image classification Reinforcement Learning

528 views • 49 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
Regularization for Deep Learning Lecture slides for Chapter 7 of Deep Learning

Regularization for Deep Learning Lecture slides for Chapter 7 of Deep Learning

Regularization for Deep Learning Lecture slides for Chapter 7 of Deep Learning www.deeplearningbook.org Ian Goodfellow 2016-09-27 Definition Regularization is any modification we make to a learning algorithm that is intended to reduce

179 views • 13 slides
React A"JavaScript"Library"For"Building"User"Interfaces

React A"JavaScript"Library"For"Building"User"Interfaces

React A"JavaScript"Library"For"Building"User"Interfaces React&is&not&FRP [Func&onal]+Reac&ve+programming+is+programming+with+ asynchronous+data+streams. !!"Andr"Staltz 1 1

916 views • 24 slides
Interplay between the Beale-Kato-Majda theorem and the analyticity-strip method to investigate

Interplay between the Beale-Kato-Majda theorem and the analyticity-strip method to investigate

Interplay between the Beale-Kato-Majda theorem and the analyticity-strip method to investigate numerically the incompressible Euler singularity problem Miguel Bustamante and Marc Brachet " s w o fl d n a s e l c i t r a p

1.02k views • 45 slides
pix ) pclx : Likelihood : arggrax Posterior piy.ES/pc5 ) pcxly ) : = |dEpc5 )

pix ) pclx : Likelihood : arggrax Posterior piy.ES/pc5 ) pcxly ) : = |dEpc5 )

Inference Recap Bayesian : Prior pix ) pclx : Likelihood : arggrax Posterior piy.ES/pc5 ) pcxly ) : = |dEpc5 ) Evidence pcj ) = : |dEp(y*lI)pcEl5 ( Marginal likelihood ) - MAP - - u plyix ) : pcxly )

863 views • 20 slides
Nonce-based Encryption Formalized by Rogaway Primary Condition Uniqueness of the nonce

Nonce-based Encryption Formalized by Rogaway Primary Condition Uniqueness of the nonce

Dhiman Saha 1 , Sukhendu Kuila 2 , Dipanwita Roy Chowdhury 1 1 Dept. Of Computer Science & Engineering, IIT Kharagpur, INDIA 2 Dept. Of Mathematics, Vidyasagar University, INDIA DIAC 2014, Santa Barbara, USA Nonce-based Encryption

298 views • 19 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
AT&T Research at TRECVID 2013: Surveillance Event Detection Xiaodong Yang * , Zhu Liu ,

AT&T Research at TRECVID 2013: Surveillance Event Detection Xiaodong Yang * , Zhu Liu ,

AT&T Research at TRECVID 2013: Surveillance Event Detection Xiaodong Yang * , Zhu Liu , Eric Zavesky , David Gibbon , Behzad Shahraray City College of New York, CUNY AT&T Labs - Research *This work is carried out

637 views • 41 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides

More recommend