adversarial domain adaptation and adversarial robustness
play

Adversarial Domain Adaptation and Adversarial Robustness Judy - PowerPoint PPT Presentation

Nov 18, 2022 •579 likes •1.2k views

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000

  1. Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman

  2. + = Big Deep success data learning

  3. Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 
 80 Deep models 75 Challenge to recognize 
 1000 categories 70 2010 2011 2012 2013 2014 2015 2016 2017

  4. Dataset Bias ? Test Image Deep Model

  5. Dataset Bias ? Test Image Deep Model

  6. Dataset Bias Dog is not recognized ? Test Image Deep Model

  7. Dataset Bias

  8. Dataset Bias Low resolution

  9. Dataset Bias Motion Blur Low resolution

  10. Dataset Bias Motion Blur Pose Variety Low resolution

  11. Why not collect new annotations?

  12. Why not collect new annotations? Sky Car Vegetation Road Street Sign Sidewalk Building Person

  13. Why not collect new annotations? Expensive 
 ($10-12 per image) Sky Car Vegetation Road Street Sign Sidewalk Building Person

  14. Why not collect new annotations? Expensive 
 ($10-12 per image) Sky Car Large Potential for Change Vegetation Road Different: Weather, City, Car Street Sign Sidewalk Building Person

  15. Why not collect new annotations? Proprietary Private

  16. Domain Adaptation : Train on Source Test on Target Adapt Source Domain Target Domain ∼ P T ( X T , Y T ) ∼ P S ( X S , Y S ) lots of labeled data unlabeled or limited labels

  17. Adversarial Domain Adaptation bottle y s Source feature 
 vector Classifier Source x s CNN Source Data Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman * , Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.

  18. Adversarial Domain Adaptation bottle y s Source feature 
 vector Classifier Source x s CNN Source Data Target feature 
 vector Target x t CNN Target Data Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman * , Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.

  19. Adversarial Domain Adaptation bottle y s Source feature 
 vector Classifier Source x s CNN Source Data Target feature 
 vector Minimize Discrepancy Target x t CNN Target Data Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman * , Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.

  20. Adversarial Domain Adaptation bottle y s Source feature 
 vector Classifier Domain 
 Classifier Source x s CNN Source Data Target feature 
 vector Minimize Discrepancy Target x t CNN Target Data Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman * , Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.

  21. Adversarial Domain Adaptation bottle y s Source feature 
 vector Classifier Adversarial 
 Domain 
 Loss Classifier Source x s CNN Source Data Target feature 
 vector Minimize Discrepancy Target x t CNN Target Data Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman * , Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.

  22. Adversarial Domain Adaptation bottle y s Classifier Adversarial 
 Domain 
 Loss Classifier Source CNN Source Data Minimize Discrepancy Target Data Liu 2016. Taigman 2016. Bousmalis 2017. Liu 2017. Kim 2017. Sankaranarayanan 2018. Hoffman 2018.

  23. CyCADA: Cycle Consistent Adversarial DA Semantically Source Data Consistent Domain Adversarial Source to Target Cycle Consistent Target to Source Target Data Reconstructed 
 Source Data Hoffman et.al. ICML 2018

  24. Synthetic to Real Pixel Adaptation Train Test GTA (synthetic) CityScapes (Germany) Hoffman et.al. ICML 2018

  25. Synthetic to Real Pixel Adaptation Hoffman et.al. ICML 2018

  26. Synthetic to Real Pixel Adaptation Hoffman et.al. ICML 2018

  27. Synthetic to Real Pixel Adaptation Zhu*, Park*, Isola, Efros. ICCV 2017.

  28. Synthetic to Real Pixel Adaptation Zhu*, Park*, Isola, Efros. ICCV 2017.

  29. CyCADA Results: CityScapes Evaluation Car CityScapes Image Ground Truth Road Sidewalk Person Sky Vegetation Street Sign Building Before Adaptation After Adaptation Hoffman et.al. ICML 2018

  30. CyCADA Results: CityScapes Evaluation Car CityScapes Image Ground Truth Road Sidewalk Person Sky Vegetation Street Sign Building Before Adaptation After Adaptation Hoffman et.al. ICML 2018

  31. CyCADA Results: CityScapes Evaluation Car CityScapes Image Ground Truth Road Sidewalk Person Sky Vegetation Street Sign Building Before Adaptation After Adaptation Hoffman et.al. ICML 2018

  32. So Far: Adapting to Natural Shifts Adapt

  33. So Far: Adapting to Natural Shifts Adapt

  34. What about adversarial shifts?

  35. Adversarial Examples + . 007 ⇥ = x + sign ( r x J ( θ , x , y )) x ✏ sign ( r x J ( θ , x , y )) “panda” “nematode” “gibbon” 57.7% confidence 8.2% confidence 99.3 % confidence Goodfellow et al. ICLR 2015.

  36. Visualize Perturbation Space

  37. Visualize Perturbation Space Training point 28 28

  38. Visualize Perturbation Space Training point Vectorize 28 784 28

  39. Visualize Perturbation Space Training point Vectorize 28 784 Project onto random 2D 28 orthonormal basis

  40. Visualize Perturbation Space Training point Vectorize Sweep over a grid of perturbations 28 784 Project onto random 2D 28 orthonormal basis

  41. Visualize Perturbation Space Training point Vectorize Sweep over a grid of perturbations 28 784 Project onto random 2D 28 Perturbed Image orthonormal basis

  42. Visualize Perturbation Space Training point Vectorize Sweep over a grid of Model Score perturbations 28 784 Project onto random 2D 28 Perturbed Image orthonormal basis

  43. MNIST LeNet Decisions Around Training Point

  44. MNIST LeNet Decisions Around Training Point Training Data Point

  45. MNIST LeNet Decisions Around Training Point Training Data Point

  46. MNIST LeNet Decisions Around Training Point Non-smooth Decision Boundary Training Data Point

  47. MNIST LeNet Decisions Around Training Point Non-smooth Decision Boundary Training Small perturbations Data Point lead to new outputs

  48. MNIST LeNet with L2 Regularization Smooth Decision Boundary Small perturbations lead to new outputs

  49. MNIST LeNet with L2 Regularization Smooth Decision Boundary Small perturbations lead to new outputs

  50. Jacobian Regularization y s bottle score vector x s Classifier z s Hoffman, Roberts, Yaida, In submission, 2019.

  51. Jacobian Regularization y s bottle score vector x s Classifier z s Input-output 
 Jacobian matrix J c,i = ∂ z c ∂ x i Hoffman, Roberts, Yaida, In submission, 2019.

  52. Jacobian Regularization y s bottle score vector x s Classifier z s Input-output 
 Minimize 
 Jacobian matrix Frobenius Norm J c,i = ∂ z c || J || 2 F ∂ x i Hoffman, Roberts, Yaida, In submission, 2019.

  53. MNIST LeNet with Jacobian Regularization Mostly Smooth Decision Boundary Larger perturbations needed to lead to new outputs

  54. MNIST LeNet with Jacobian Regularization Mostly Smooth Decision Boundary Larger perturbations needed to lead to new outputs

  55. Decision Boundary Comparison No 
 L2 
 Jacobian 
 Regularization Regularization Regularization Hoffman, Roberts, Yaida, In submission, 2019.

  56. Robustness to Random Perturbations MNIST LeNet Model Hoffman, Roberts, Yaida, In submission, 2019.

  57. Robustness to Adversarial Perturbations Hoffman, Roberts, Yaida, In submission, 2019.

  58. Next Steps Jacobian regularizer as unsupervised adaptive loss? Domain Adversarial Adaptation Robustness Adaptation to an adversarial domain?

  59. Thank you Taesung Park Jun-Yan Zhu Dan Roberts Eric Tzeng UC Berkeley MIT Diffeo UC Berkeley Phil Isola Kate Saenko Trevor Darrell Alyosha Efros Sho Yaida MIT Boston University UC Berkeley UC Berkeley FAIR

  60. Judy Hoffman judyhoffman.io

Recommend

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Bayesian Deep Learning Barcelona, 2016-12-10 Speculation on Three Topics Can we

769 views • 21 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation Guoqing Wang 1,3 , Hu Han , 1,2 , Shiguang Shan 1,2,3,4 , and Xilin Chen 1,3 1 Key Laboratory of Intelligent Information Processing of Chinese Academy

130 views • 8 slides
Domain Adaptation with Adversarial Training and Graph Embeddings Firoj Alam Shafiq Joty

Domain Adaptation with Adversarial Training and Graph Embeddings Firoj Alam Shafiq Joty

Domain Adaptation with Adversarial Training and Graph Embeddings Firoj Alam Shafiq Joty Muhammad Imran @firojalam04 @mimran15 Qatar Computing Research Institute (QCRI), HBKU, Qatar School of Computer Science and Engineering Nanyang

986 views • 33 slides
Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Preliminaries on adversarial robustness Classifier-dependent lower bounds Universal lower bounds Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis Dohmatob Limits on Robustness to Adversarial

763 views • 74 slides
Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld Zico Kolter Carnegie Mellon University Introduction We study a certified adversarial defense in " norm which scales to ImageNet

1.5k views • 12 slides
Transferability vs. Discriminability: Batch Spectral Penalization for Adversarial Domain

Transferability vs. Discriminability: Batch Spectral Penalization for Adversarial Domain

Transferability vs. Discriminability: Batch Spectral Penalization for Adversarial Domain Adaptation Xinyang Chen, Sinan Wang, Mingsheng Long, Jianmin Wang School of Software BNRist, Research Center for Big Data Tsinghua University

363 views • 9 slides
Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

ICML 2020 Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch, martin.vechev@inf.ethz.ch Department of Computer Science 1 Adversarial Robustness panda gibbon Vision + = Explaining and Harnessing

429 views • 32 slides
ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ?

1.14k views • 26 slides
On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian Etmann , 1 , 3 , Sebastian Lunz , 2 , Peter Maass 1 , Carola-Bibiane Sch onlieb 2 13th June, 2019 1: ZeTeM, University of Bremen, 2: Cambridge

673 views • 19 slides
Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias Hein, Bernt Schiele 2-Minute Overview Problem: Robustness to various adversarial examples. Adversarial training on L adversarial examples:

635 views • 34 slides
Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml Tutorial website: @zicokolter @aleks_madry adversarial-ml-tutorial.org Machine Learning: The Success Story Image classification Reinforcement Learning

528 views • 49 slides
Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann Department of Informatics Technical University of Munich 28.10.2019 Adversarial Robustness of Machine Learning Models for Graphs S. Gnnemann Can you

669 views • 27 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on Aligned Artificial Intelligence Many thanks to Catherine Olsson for feedback on drafts The Alignment Problem (This is now fixed. Dont try it!)

626 views • 30 slides
Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer,

Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer,

Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana Columbia University Code: https://github.com/columbia/pixeldp Contact:

680 views • 48 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
Benchmarking Adversarial Robustness on Image Classification Yinpeng Dong, Qi-An Fu, Xiao Yang,

Benchmarking Adversarial Robustness on Image Classification Yinpeng Dong, Qi-An Fu, Xiao Yang,

Benchmarking Adversarial Robustness on Image Classification Yinpeng Dong, Qi-An Fu, Xiao Yang, Tianyu Pang, Zihao Xiao, Hang Su, Jun Zhu Dept. of Comp. Sci. and Tech., BNRist Center, Institute for AI, THBI Lab, Tsinghua University, Beijing,

417 views • 6 slides
Scalable Differential Privacy with Certified Robustness in Adversarial Learning NhatHai Phan 1 ,

Scalable Differential Privacy with Certified Robustness in Adversarial Learning NhatHai Phan 1 ,

The 37th International Conference on Machine Learning (ICML20), Jul 12 th - 18 th , 2020. Scalable Differential Privacy with Certified Robustness in Adversarial Learning NhatHai Phan 1 , My T. Thai 2 , Han Hu 1 , Ruoming Jin 3 , Tong Sun 4 ,

860 views • 23 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and

Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and

Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and Interpretability Zhanxing Zhu School of Mathematical Sciences, Peking University zhanxing.zhu@pku.edu.cn

1.02k views • 66 slides
Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas

Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas

Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Nicholas Carlini Google Research Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples Lessons Learned from Evaluating the

1.28k views • 127 slides

More recommend