adversarial training and robustness for multiple
play

Adversarial Training and Robustness for Multiple Perturbations - PowerPoint PPT Presentation

Jun 21, 2023 •328 likes •564 views

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

  1. Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramèr & Dan Boneh NeurIPS 2019

  2. Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial Training and Robustness for Multiple Perturbations

  3. Adversarial examples 88% Tabby Cat 99% Guacamole • ML models learn very different features than humans • This is a safety concern for deployed ML models • Classification in adversarial settings is hard Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial Training and Robustness for Multiple Perturbations

  4. Adversarial training Szegedy et al., 2014 Madry et al., 2017 Adversarial Training and Robustness for Multiple Perturbations

  5. Adversarial training 1. Choose a set of perturbations: e.g., noise of small ℓ ∞ norm: Szegedy et al., 2014 Madry et al., 2017 Adversarial Training and Robustness for Multiple Perturbations

  6. Adversarial training 1. Choose a set of perturbations: e.g., noise of small ℓ ∞ norm: 2. For each example , find an adversarial example: 3. Train the model on 4. Repeat until convergence Szegedy et al., 2014 Madry et al., 2017 Adversarial Training and Robustness for Multiple Perturbations

  7. How well does it work? ℓ 1 noise Rotation Engstrom et al., 2017 Sharma & Chen, 2018 Adversarial Training and Robustness for Multiple Perturbations

  8. � � How well does it work? Adversarial training on CIFAR10, with ℓ ∞ noise 96% accuracy 70% 16% 9% No noise ℓ 1 noise ℓ ∞ noise Rotation Engstrom et al., 2017 Sharma & Chen, 2018 Adversarial Training and Robustness for Multiple Perturbations

  9. � � � � How well does it work? Adversarial training on CIFAR10, with ℓ ∞ noise 96% accuracy 70% 16% 9% No noise ℓ 1 noise ℓ ∞ noise Rotation Engstrom et al., 2017 Sharma & Chen, 2018 Adversarial Training and Robustness for Multiple Perturbations

  10. How to prevent other adversarial examples? Adversarial Training and Robustness for Multiple Perturbations

  11. � � � How to prevent other adversarial examples? S 2 = { δ : ❘❘ δ ❘❘ 1 ≤ ε 1 } S 1 = { δ : ❘❘ δ ❘❘ ∞ ≤ ε ∞ } S 3 = { 𝜀 : « small rotation » } Adversary can choose a perturbation type for each input Adversarial Training and Robustness for Multiple Perturbations

  12. � � � How to prevent other adversarial examples? S 2 = { δ : ❘❘ δ ❘❘ 1 ≤ ε 1 } S 1 = { δ : ❘❘ δ ❘❘ ∞ ≤ ε ∞ } S 3 = { 𝜀 : « small rotation » } Adversary can choose a perturbation S = S 1 ⋃ S 2 ⋃ S 3 type for each input • Pick worst-case adversarial example from S • Train the model on that example Adversarial Training and Robustness for Multiple Perturbations

  13. Does this work? Adversarial Training and Robustness for Multiple Perturbations

  14. Does this work? Adversarial Training and Robustness for Multiple Perturbations

  15. Does this work? A robustness tradeoff is provably inherent in some classification tasks Increased robustness to one type of noise ⇒ decreased robustness to another Empirically validated on CIFAR10 & MNIST Adversarial Training and Robustness for Multiple Perturbations

  16. Does this work? A robustness tradeoff is provably inherent in some classification tasks Increased robustness to one type of noise ⇒ decreased robustness to another Empirically validated on CIFAR10 & MNIST MNIST: Adversarial Training and Robustness for Multiple Perturbations

  17. Does this work? A robustness tradeoff is provably inherent in some classification tasks Increased robustness to one type of noise ⇒ decreased robustness to another Empirically validated on CIFAR10 & MNIST For ℓ ∞ , ℓ 1 and ℓ 2 noise: MNIST: 50% accuracy Adversarial Training and Robustness for Multiple Perturbations

  18. Does this work? A robustness tradeoff is provably inherent in some classification tasks Increased robustness to one type of noise ⇒ decreased robustness to another Empirically validated on CIFAR10 & MNIST For ℓ ∞ , ℓ 1 and ℓ 2 noise: gradient MNIST: masking 50% accuracy Adversarial Training and Robustness for Multiple Perturbations

  19. What if we combine perturbations? Adversarial Training and Robustness for Multiple Perturbations

  20. � � � � What if we combine perturbations? natural image rotation ℓ ∞ noise ½ rotation + ½ ℓ ∞ noise Adversarial Training and Robustness for Multiple Perturbations

  21. � � � � What if we combine perturbations? natural image rotation ℓ ∞ noise ½ rotation + ½ ℓ ∞ noise 96% Accuracy 70% 65% 55% One noise One of two Mixture of two No noise type noise types noise types Adversarial Training and Robustness for Multiple Perturbations

  22. Conclusion Adversarial training for multiple perturbation sets works, but... • Significant loss in robustness • Weak robustness to affine combinations of perturbations Poster #87 https://arxiv.org/abs/1904.13000 Adversarial Training and Robustness for Multiple Perturbations

  23. Conclusion Adversarial training for multiple perturbation sets works, but... • Significant loss in robustness • Weak robustness to affine combinations of perturbations Open questions: Poster #87 Train a single MNIST model with high robustness to any ℓ p noise • • Better scaling of multi-perturbation adversarial training • Which perturbations do we care about? https://arxiv.org/abs/1904.13000 Adversarial Training and Robustness for Multiple Perturbations

Recommend

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias Hein, Bernt Schiele 2-Minute Overview Problem: Robustness to various adversarial examples. Adversarial training on L adversarial examples:

635 views • 34 slides
Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and

Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and

Adversarial Training for Deep Learning : A Framework for Improving Robustness, Generalization and Interpretability Zhanxing Zhu School of Mathematical Sciences, Peking University zhanxing.zhu@pku.edu.cn

1.02k views • 66 slides
Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000

1.2k views • 60 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Bayesian Deep Learning Barcelona, 2016-12-10 Speculation on Three Topics Can we

769 views • 21 slides
Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Preliminaries on adversarial robustness Classifier-dependent lower bounds Universal lower bounds Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis Dohmatob Limits on Robustness to Adversarial

763 views • 74 slides
Multi-objective training of Generative Adversarial Networks with multiple discriminators Isabela

Multi-objective training of Generative Adversarial Networks with multiple discriminators Isabela

Multi-objective training of Generative Adversarial Networks with multiple discriminators Isabela Albuquerque , Jo ao Monteiro , Thang Doan, Breandan Considine, Tiago Falk, and Ioannis Mitliagkas Equal contribution 1 / 11 The

496 views • 15 slides
Where Are We? Lecture 9 Robustness through Training 1 Robustness Explicit Handling of Noise

Where Are We? Lecture 9 Robustness through Training 1 Robustness Explicit Handling of Noise

Where Are We? Lecture 9 Robustness through Training 1 Robustness Explicit Handling of Noise and Channel Variations 2 Michael Picheny, Bhuvana Ramabhadran, Stanley F. Chen Robustness via Adaptation 3 IBM T.J. Watson Research Center

256 views • 22 slides
Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

ICML 2020 Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch, martin.vechev@inf.ethz.ch Department of Computer Science 1 Adversarial Robustness panda gibbon Vision + = Explaining and Harnessing

429 views • 32 slides
Interpretability and Robustness for Multi-Hop QA Mohit Bansal (MRQA-EMNLP 2019 Workshop) 1

Interpretability and Robustness for Multi-Hop QA Mohit Bansal (MRQA-EMNLP 2019 Workshop) 1

Interpretability and Robustness for Multi-Hop QA Mohit Bansal (MRQA-EMNLP 2019 Workshop) 1 Multihop-QAs Diverse Requirements Interpretability and Modularity Multiple Reasoning Chains Assembling Adversarial Shortcut Robustness

947 views • 52 slides
Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning

Friendly Adversarial Training: Attacks Which Do Not Kill Training Make Adversarial Learning Stronger Jingfeng Zhang 1 * , Xilie Xu 2* , Bo Han 34 , Gang Niu 4 , Lichen Cui 5 , Masashi Sugiyama 46 , and Mohan Kankanhalli 1 1 Department of Computer

376 views • 14 slides
Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld Zico Kolter Carnegie Mellon University Introduction We study a certified adversarial defense in " norm which scales to ImageNet

1.5k views • 12 slides
On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian Etmann , 1 , 3 , Sebastian Lunz , 2 , Peter Maass 1 , Carola-Bibiane Sch onlieb 2 13th June, 2019 1: ZeTeM, University of Bremen, 2: Cambridge

673 views • 19 slides
Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann Department of Informatics Technical University of Munich 28.10.2019 Adversarial Robustness of Machine Learning Models for Graphs S. Gnnemann Can you

669 views • 27 slides
ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ?

1.14k views • 26 slides
Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml Tutorial website: @zicokolter @aleks_madry adversarial-ml-tutorial.org Machine Learning: The Success Story Image classification Reinforcement Learning

528 views • 49 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
Understanding and Mitigating the Tradeoff Between Robustness and Accuracy Aditi Raghunathan*

Understanding and Mitigating the Tradeoff Between Robustness and Accuracy Aditi Raghunathan*

Understanding and Mitigating the Tradeoff Between Robustness and Accuracy Aditi Raghunathan* Sang Michael Xie* Fanny Yang John C. Duchi Percy Liang Stanford University Adversarial examples Standard training leads to models that are not

619 views • 50 slides
A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for

A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for

Adversarial Training for MCMC Shengjia Zhao Stefano Ermon March 7, 2018 Stanford University A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for Markov Chains 4. Adversarial Training for MCMC 5.

851 views • 58 slides
Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on Aligned Artificial Intelligence Many thanks to Catherine Olsson for feedback on drafts The Alignment Problem (This is now fixed. Dont try it!)

626 views • 30 slides
Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer,

Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer,

Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana Columbia University Code: https://github.com/columbia/pixeldp Contact:

680 views • 48 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides

More recommend