adversarial machine learning
play

Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research - PowerPoint PPT Presentation

Progressive GAN CoGAN LR-GAN MedGAN CGAN IcGAN A ff GAN DiscoGAN LS-GAN BIM LAPGAN MPM-GAN AdaGAN FGSM iGAN LSGAN InfoGAN IAN ATN Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain McGAN


  1. Progressive GAN CoGAN LR-GAN MedGAN CGAN IcGAN A ff GAN DiscoGAN LS-GAN BIM LAPGAN MPM-GAN AdaGAN FGSM iGAN LSGAN InfoGAN IAN ATN Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain McGAN BPDA South Park Commons FF-GAN MGAN BS-GAN DR-GAN San Francisco, 2018-05-24 C-RNN-GAN C-VAE-GAN DCGAN CCGAN AC-GAN MAGAN 3D-GAN BiGAN Adversarial Training CycleGAN GAWWN Gradient Masking Bayesian GAN AnoGAN SN-GAN EBGAN DTN MAD-GAN Context-RNN-GAN ALI BEGAN AL-CGAN f-GAN ArtGAN PGD MalGAN

  2. Adversarial Machine Learning Traditional ML: Adversarial ML: optimization game theory Equilibrium Minimum One player, More than one player, one cost more than one cost (Goodfellow 2017)

  3. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  4. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  5. Generative Modeling: Sample Generation Training Data Sample Generator (CelebA) (Karras et al, 2017) (Goodfellow 2018)

  6. Adversarial Nets Framework D tries to make D(G(z)) near 0, D (x) tries to be G tries to make near 1 D(G(z)) near 1 Di ff erentiable D function D x sampled from x sampled from data model Di ff erentiable function G Input noise z (Goodfellow et al., 2014) (Goodfellow 2018)

  7. GANs for simulated training data (Shrivastava et al., 2016) (Goodfellow 2018)

  8. Unsupervised Image-to-Image Translation Day to night (Liu et al., 2017) (Goodfellow 2018)

  9. CycleGAN (Zhu et al., 2017) (Goodfellow 2018)

  10. Designing DNA to optimize protein binding (Killoran et al, 2017) (Goodfellow 2018)

  11. Personalized GANufacturing (Hwang et al 2018) (Goodfellow 2018)

  12. Self-Attention GAN State of the art FID on ImageNet: 1000 categories, 128x128 pixels Goldfish Redshank Geyser Tiger Cat Broccoli Stone Wall Indigo Bunting (Zhang et al, 2018) Saint Bernard (Goodfellow 2018)

  13. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  14. Adversarial Examples X θ ˆ y x (Goodfellow 2017)

  15. Adversarial Examples in the Physical World (Kurakin et al, 2016) (Goodfellow 2017)

  16. Training on Adversarial Examples 10 0 Train=Clean, Test=Clean Test misclassification rate Train=Clean, Test=Adv Train=Adv, Test=Clean 10 − 1 Train=Adv, Test=Adv 10 − 2 0 50 100 150 200 250 300 Training time (epochs) (CleverHans tutorial, using method of Goodfellow et al 2014) (Goodfellow 2017)

  17. Adversarial Logit Pairing Logit pairing State of the art defense on ImageNet clean adv logits logits Adversarial perturbation (Kannan et al, 2018) (Goodfellow 2018)

  18. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  19. Adversarial Examples for RL (Huang et al., 2017) (Goodfellow 2017)

  20. Self-Play 1959: Arthur Samuel’s checkers agent (OpenAI, 2017) (Silver et al, 2017) (Bansal et al, 2017) (Goodfellow 2017)

  21. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  22. Extreme Reliability • We want extreme reliability for • Autonomous vehicles • Air tra ffi c control • Surgery robots • Medical diagnosis, etc. • Adversarial machine learning research techniques can help with this • Katz et al 2017: verification system, applied to air tra ffi c control (Goodfellow 2017)

  23. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  24. Supervised Discriminator for Semi-Supervised Learning Real cat Real dog Fake Real Fake Learn to read with Hidden Hidden units units 100 labels rather than 60,000 Input Input (Odena 2016, Salimans et al 2016) (Goodfellow 2018)

  25. Virtual Adversarial Training Miyato et al 2015: regularize for robustness to adversarial perturbations of unlabeled data (Oliver+Odena+Ra ff el et al, 2018) (Goodfellow 2018)

  26. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  27. Privacy of training data ˆ θ X X (Goodfellow 2018)

  28. Defining ( ε , δ )-Di ff erential Privacy (Abadi 2017) (Goodfellow 2018)

  29. Private Aggregation of Teacher Ensembles (Papernot et al 2016) (Goodfellow 2018)

  30. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  31. Domain Adaptation • Domain Adversarial Networks (Ganin et al, 2015) • Professor forcing (Lamb et al, 2016): Domain- Adversarial learning in RNN hidden state (Goodfellow 2017)

  32. GANs for domain adaptation (Bousmalis et al., 2016) (Ra ff el, 2017)

  33. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  34. Adversarially Learned Fair Representations • Edwards and Storkey 2015 • Learn representations that are useful for classification • An adversary tries to recover a sensitive variable S from the representation. Primary learner tries to make S impossible to recover • Final decision does not depend on S (Goodfellow 2017)

  35. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  36. How do machine learning models work? (Goodfellow et al, 2014) Interpretability literature: our analysis tools show that deep nets work about how you would expect them to. Adversarial ML literature: ML models are very easy to fool and even linear models work in counter-intuitive ways. (Selvaraju et al, 2016) (Goodfellow 2017)

  37. A Cambrian Explosion of Machine Learning Research Topics Make ML work Generative ML+neuroscience Modeling Accountability Security and Transparency RL Fairness Extreme reliability Domain adaptation Label Privacy e ffi ciency (Goodfellow 2017)

  38. Adversarial Examples that Fool both Human and Computer Vision Gamaleldin et al 2018 (Goodfellow 2017)

  39. Questions (Goodfellow 2018)

Recommend


More recommend