how clever is is your neural network
play

How CLEVER is is your neural network? Robustness evaluation against - PowerPoint PPT Presentation

Nov 06, 2023 •488 likes •852 views

How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu Chen IBM Research AI OReilly AI Conference @ London 2018 IBM Research AI Label it! IBM Research AI Label it! AI model says: ostrich IBM

  1. How CLEVER is is your neural network? Robustness evaluation against adversarial examples Pin-Yu Chen IBM Research AI O’Reilly AI Conference @ London 2018 IBM Research AI

  2. Label it! IBM Research AI

  3. Label it! AI model says: ostrich IBM Research AI

  4. How about this one? IBM Research AI

  5. Surprisingly, AI model says: shoe shop IBM Research AI

  6. What is wrong with this AI model? - This model is one of the BEST image classifier using neural networks EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples, P.-Y. Chen*, Y. Sharma*, H. Zhang, J. Yi, and C-.J. Hsieh, AAAI 2018 IBM Research AI

  7. Adversarial examples: the evil doublegangers source: Google Images IBM Research AI

  8. Why do adversarial examples matter? - Adversarial attacks on an AI model deployed at test time (aka evasion attacks) IBM Research AI

  9. Adversarial examples in different domains • Images • Videos • Texts • Speech/Audio AI model • Data analysis • Electronic health records • Malware • Online social network • and many others IBM Research AI

  10. Adversarial examples in image captioning AI model Input: image Output: caption Show and Tell: Lessons Learned from the 2015 MSCOCO Image Captioning Challenge, Oriol Vinyals, AlexanderToshev, Samy Bengio, and Dumitru Erhan, T-PAMI 2017 Attacking Visual Language Grounding with Adversarial Examples: A Case Study on Neural Image Captioning, Hongge Chen*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi, and Cho-Jui Hsieh, ACL 2018 IBM Research AI

  11. Adversarial examples in speech recognition without the dataset the article is useless AI model What did your hear? Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, Nicholas Carlini and David Wagner, Deep Learning and Security Workshop 2018 IBM Research AI

  12. Adversarial examples in speech recognition without the dataset the article is useless AI model What did your hear? okay google browse to evil.com Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, Nicholas Carlini and David Wagner, Deep Learning and Security Workshop 2018 IBM Research AI

  13. Adversarial examples in data regression Data Model Analysis Factor identification Is Ordered Weighted $\ell_1$ Regularized Regression Robust to Adversarial Perturbation? A Case Study on OSCAR, Pin-Yu Chen*, Bhanukiran Vinzamuri*, and Sijia Liu, GlobalSIP 2018 IBM Research AI

  14. Adversarial examples in physical world • Real-time traffic sign detector • 3D-printed adversarial turtle • Adversarial eye glasses IBM Research AI

  15. Adversarial examples in physical world (1) • Real-time traffic sign detector IBM Research AI

  16. Adversarial examples in physical world (2) • 3D-printed adversarial turtle IBM Research AI

  17. Adversarial examples in physical world (3) • Adversarial eye glasses that fool face detector • Adversarial sticker IBM Research AI

  18. Adversarial examples in black-box models • White-box setting : adversary knows everything about your model • Black-box setting: craft adversarial examples with limited knowledge about the target model Black-box attack via iterative model query (ZOO) ❖ Unknown training procedure/data/model ❖ Unknown output classes ❖ Unknown model confidence Image AI/ML system Prediction Targeted black-box attack on Google Cloud Vision ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models, P.-Y. Chen*, H. Zhang*, Y. Sharma, J. Yi, and C.-J. Hsieh, AI-Security 2017 Black-box Adversarial Attacks with Limited Queries and Information, Andrew Ilyas*, Logan Engstrom*, Anish Athalye*, and Jessy Lin*, ICML 2018 Source: https://www.labsix.org/partial-information-adversarial-examples/ IBM Research AI

  19. Growing concerns about safety-critical settings with AI Autonomous cars that deploy AI model for traffic signs recognition Source: Paishun Ting IBM Research AI

  20. But with adversarial examples… IBM Research AI Source: Paishun Ting

  21. Where do adversarial examples come from? - What is the common theme of adversarial examples in different domains? IBM Research AI

  22. Neural Networks: The Engine for Deep Learning • Applications of neural networks outcome (prediction) neural network ❑ Image processing and understanding ❑ Object detection/classification ❑ Chatbot, Q&A ❑ Machine translation 2% (traffic light) ❑ Speech recognition ❑ Game playing 90% (French bulldog) ❑ Robotics 3% (basketball) ❑ Bioinformatics ❑ Creativity 5% (bagel) ❑ Drug discovery ❑ Reasoning ❑ And still a long list… input task trainable neurons; Source: Paishun Ting usually large and deep IBM Research AI

  23. The ImageNet Accuracy Revolution and Arms Race Geoffrey Hinton Beyond human performance What’s Next? Source: http://image-net.org/challenges/talks_2017/imagenet_ilsvrc2017_v1.0.pdf Source: https://qz.com/1034972/the-data-that-changed-the-direction-of-ai-research-and-possibly-the-world/ IBM Research AI

  24. Accuracy ≠ Adversarial Robustness • Solely pursuing for high- accuracy AI model may get us in trouble… Our benchmark on 18 ImageNet models reveals a tradeoff in accuracy and robustness Robustness Accuracy Is Robustness the Cost of Accuracy? A Comprehensive Study on the Robustness of 18 Deep Image Classification Models, Dong Su*, Huan Zhang*, Hongge Chen, Jinfeng Yi, Pin-Yu Chen, and Yupeng Gao, ECCV 2018 IBM Research AI

  25. How can we measure and improve adversarial robustness of my AI/ML model? An explanation of origins of adversarial examples The CLRVER score for robustness evaluation IBM Research AI

  26. Learning to classify is all about drawing a line Classified as Labeled datasets Classified as Decision boundary w/ 100% accuracy Decision boundary w/ <100% accuracy Source: Paishun Ting IBM Research AI

  27. Connecting adversarial examples to model robustness Classified as Classified as • Robustness evaluation: how close a refence input is to the (closest) decision boundary IBM Research AI Source:Paishun-Ting, Tsui-Wei Weng

  28. Robustness evaluation is NOT easy • We still don’t fully understand how neural nets learn to predict Labeled ❑ calling for interpretable AI datasets • Training data could be noisy and biased ❑ calling for robust and fair AI • Neural network architecture could be redundant and leading to vulnerable spots ❑ calling for efficient and secure AI model • Need for human-like machine perception and understanding ❑ calling for bio-inspired AI model • Attacks can also benefit and improve upon the progress in AI ❑ calling for attack-independent evaluation IBM Research AI

  29. How do we evaluate adversarial robustness? • Game-based approach • Verification-based approach ❑ Specify a set of players (attacks and defenses) ❑ Attack-independent: does not use attacks for evaluation ❑ Benchmark the performance against each attacker-defender pair ❑ Can provide a robustness certificate o The metric/rank could be exploited; for safety-critical or reliability- No guarantee on unseen sensitive applications: e.g., no attacks can alter the decision of the AI model threats and future attacks if the attack strength is limited Optimal verification is provably difficult for large neural nets – computationally impractical - Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks, Guy Katz, Clark Barrett, David Dill, Kyle Julian, Mykel Kochenderfer, CAV 2017 IBM Research AI - Efficient Neural Network Robustness Certification with General Activation Functions, Huan Zhang*, Tsui-Wei Weng*, Pin-Yu Chen, Cho-Jui Hsieh, and Luca Daniel, NIPS 2018

  30. CLEVER: a tale of two approaches • An attack-independent, model-agnostic robustness metric that is efficient to ≈ CLEVER score compute • Derived from theoretical robustness analysis for verification of neural networks: Cross Lipschitz Extreme Value for nEtwork Robustness • Use of extreme value theory for efficient estimation of minimum distortion • Scalable to large neural networks input-output perturbation • Open-source codes: analysis of https://github.com/IBM/CLEVER-Robustness-Score neural net Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach, Tsui-Wei Weng*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi, Dong Su, Yupeng Guo, Cho-Jui Hsieh, and Luca Daniel, ICLR 2018 On Extensions of CLEVER: a Neural Network Robustness Evaluation Algorithm, Tsui-Wei Weng*, Huan Zhang*, Pin-Yu Chen, Aurelie Lozano, Cho-Jui Hsieh, and Luca Daniel, GlobalSIP 2018 IBM Research AI

  31. How do we use CLEVER? Other use cases Before-After robustness comparison • Will my model become more • Characterize the behaviors and properties of adversarial examples robust if I do/use X ? • Hyperparameter selection for CLEVER adversarial attacks and defenses score Original • Reward-driven model robustness model Same set of improvement data for do/use X robustness evaluation Robustne CLEVER Modified ss score model Accuracy IBM Research AI

  32. Examples of CLEVER • CLEVER enables robustness comparison between different ❑ Threat models ❑ Datasets ❑ Neural network architectures ❑ Defense mechanisms IBM Research AI

  33. Where to Find CLEVER? It’s ART IBM Research AI Also available at https://github.com/IBM/CLEVER-Robustness-Score

Recommend

Man is special Some animals are very clever but none of them can compare with man. Clever

Man is special Some animals are very clever but none of them can compare with man. Clever

Man is special Some animals are very clever but none of them can compare with man. Clever animals Using tools Koko the gorilla Koko is very intelligent. She: learned sign language asked (signed) for and got a pet kitten was very

314 views • 13 slides
Neural Information Retrieval Wassila Lalouani 1 Plan Neural network architectures Neural

Neural Information Retrieval Wassila Lalouani 1 Plan Neural network architectures Neural

Neural Information Retrieval Wassila Lalouani 1 Plan Neural network architectures Neural IR tasks Neural IR architecture Feature Representations Neural IR query auto completion Neural IR query suggestion Neural IR document

1.48k views • 18 slides
Artificial Neural Networks By: Kodi Neumiller Overview What is an artificial neural network

Artificial Neural Networks By: Kodi Neumiller Overview What is an artificial neural network

Artificial Neural Networks By: Kodi Neumiller Overview What is an artificial neural network Perceptron Feed forward Backpropagation Learning rate/momentum What is a neural network? Artificial Human Neurons Each

888 views • 12 slides
MULTILAYER NEURAL NETWORKS Jeff Robble, Brian Renzenbrink, Doug Roberts Multilayer Neural

MULTILAYER NEURAL NETWORKS Jeff Robble, Brian Renzenbrink, Doug Roberts Multilayer Neural

MULTILAYER NEURAL NETWORKS Jeff Robble, Brian Renzenbrink, Doug Roberts Multilayer Neural Networks We learned in Chapter 5 that clever choices of nonlinear functions we can obtain arbitrary decision boundaries that lead to minimum error.

900 views • 37 slides
Same, Same But Different Recovering Neural Network Quantization Error Through Weight

Same, Same But Different Recovering Neural Network Quantization Error Through Weight

Same, Same But Different Recovering Neural Network Quantization Error Through Weight Factorization Eldad Meller ICML 2019 Neural Network Quantization Quantization of Neural Networks is needed for efficient inference Quantization adds

482 views • 9 slides
Deep Learning Primer Nishith Khandwala Neural Networks Overview Neural Network Basics

Deep Learning Primer Nishith Khandwala Neural Networks Overview Neural Network Basics

Deep Learning Primer Nishith Khandwala Neural Networks Overview Neural Network Basics Activation Functions Stochastic Gradient Descent (SGD) Regularization (Dropout) Training Tips and Tricks Neural Network (NN)

828 views • 45 slides
Graph Neural Network Fang Yuanqiang, 2019/05/18 Graph Neural Network Why GNN? Preliminary

Graph Neural Network Fang Yuanqiang, 2019/05/18 Graph Neural Network Why GNN? Preliminary

Graph Neural Network Fang Yuanqiang, 2019/05/18 Graph Neural Network Why GNN? Preliminary Fixed graph Vanilla Spectral Graph ConvNets ChebyNet GCN CayleyNet Multiple graphs Variable graph

817 views • 46 slides
Neural network applications ALVINN (Pomerleau, mid 1990s) Autonomous Land Vehicle in Neural

Neural network applications ALVINN (Pomerleau, mid 1990s) Autonomous Land Vehicle in Neural

Neural network applications ALVINN (Pomerleau, mid 1990s) Autonomous Land Vehicle in Neural Network To date: Sharp Straight Sharp Left Ahead Right Neural networks: what are they 30 Output Units Backpropagation: efficient

346 views • 15 slides
Neural Networks for Machine Learning Lecture 2a An overview of the main types of neural network

Neural Networks for Machine Learning Lecture 2a An overview of the main types of neural network

Neural Networks for Machine Learning Lecture 2a An overview of the main types of neural network architecture Geoffrey Hinton with Nitish Srivastava Kevin Swersky Feed-forward neural networks These are the commonest type of neural

534 views • 32 slides
Similarity of Neural Network Representations Revisited Simon Kornblith, Mohammad Norouzi,

Similarity of Neural Network Representations Revisited Simon Kornblith, Mohammad Norouzi,

Similarity of Neural Network Representations Revisited Simon Kornblith, Mohammad Norouzi, Honglak Lee, Geofgrey Hinton Motivation We need tools to understand trained neural networks Neural network training involves interactions between an

588 views • 16 slides
Lecture 2: Deeper Neural Network 1 Objective In the second lecture, you will see How to

Lecture 2: Deeper Neural Network 1 Objective In the second lecture, you will see How to

Lecture 2: Deeper Neural Network 1 Objective In the second lecture, you will see How to deepen your neural network to learn more complex functions Several techniques to fasten your learning process The most popular artificial

423 views • 40 slides
Neural network architectures for image captioning By Emily Kern Given a set of images and

Neural network architectures for image captioning By Emily Kern Given a set of images and

Neural network architectures for image captioning By Emily Kern Given a set of images and accompanying human-generated captions, can we train a neural network to predict captions for new images? What is a neural network? A computer system

523 views • 16 slides
Unsupervised clustering with growing self-organizing neural network A comparison with non-neural

Unsupervised clustering with growing self-organizing neural network A comparison with non-neural

Unsupervised clustering with growing self-organizing neural network A comparison with non-neural approach Martin Hynar, Michal Burda, Jana Sarmanov a Department of Computer Science, V SB Technical University of Ostrava, 17.

473 views • 24 slides
Propagating Error Backward Hyperparameters for Neural Networks } Multi-layer (deep) neural

Propagating Error Backward Hyperparameters for Neural Networks } Multi-layer (deep) neural

Learning in Neural Networks w 1,3 w 3,5 1 3 5 w w 1,4 3,6 w w 2,3 4,5 2 4 6 w w 2,4 4,6 Class #18: Back-Propagation; } A neural network can learn a classification function by Tuning Hyper-Parameters adjusting its weights to

259 views • 4 slides
A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT A Neural Network Architecture

A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT A Neural Network Architecture

A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT A Neural Network Architecture for Detec2ng Gramma2cal Errors in SMT Morpho-Syntac-c features outperform word embeddings on this task Syntac-c n-grams improve the

1.18k views • 38 slides
Human-Robot Interaction: Language Acquisition with Neural Network Alvin Rindra Fazrie 09.11.2015

Human-Robot Interaction: Language Acquisition with Neural Network Alvin Rindra Fazrie 09.11.2015

Human-Robot Interaction: Language Acquisition with Neural Network Alvin Rindra Fazrie 09.11.2015 1 Outline Motivation Basics and Definitions - Natural Language Processing - Neural Network Neural Network Architecture - Single

242 views • 12 slides
Neural Network II Neural Network II Week 8 1 Team Homework Assignment #10 Team Homework

Neural Network II Neural Network II Week 8 1 Team Homework Assignment #10 Team Homework

Neural Network II Neural Network II Week 8 1 Team Homework Assignment #10 Team Homework Assignment #10 Read pp. 327 334. Read pp. 327 334. Do Example 6.9. Explore neural network tools and try to use a tool for solving Example

628 views • 47 slides
Machine Learning for NLP The Neural Network Zoo Aurlie Herbelot 2019 Centre for Mind/Brain

Machine Learning for NLP The Neural Network Zoo Aurlie Herbelot 2019 Centre for Mind/Brain

Machine Learning for NLP The Neural Network Zoo Aurlie Herbelot 2019 Centre for Mind/Brain Sciences University of Trento 1 The Neural Net Zoo http://www.asimovinstitute.org/neural-network-zoo/ 2 How to keep track of new architectures?

467 views • 26 slides
Neural Networks Hugo Larochelle ( @hugo_larochelle ) Google Brain 2 NEURAL NETWORK ONLINE

Neural Networks Hugo Larochelle ( @hugo_larochelle ) Google Brain 2 NEURAL NETWORK ONLINE

Neural Networks Hugo Larochelle ( @hugo_larochelle ) Google Brain 2 NEURAL NETWORK ONLINE COURSE http://info.usherbrooke.ca/hlarochelle/neural_networks Topics: online videos for a more detailed description of neural networks

1.4k views • 85 slides
Convolutional Kuan-Ting Lai 2020/3/31 Neural Network Convolutional Neural Networks (CNN)

Convolutional Kuan-Ting Lai 2020/3/31 Neural Network Convolutional Neural Networks (CNN)

Convolutional Kuan-Ting Lai 2020/3/31 Neural Network Convolutional Neural Networks (CNN) A.k.a. CNN or ConvNet Adit Deshpande, A Beginner's Guide To Understanding Convolutional Neural Networks. Digital Images Input array: an images

1.42k views • 72 slides
Algorithms in Nature Pruning in neural networks Neural network development 1. Efficient signal

Algorithms in Nature Pruning in neural networks Neural network development 1. Efficient signal

Algorithms in Nature Pruning in neural networks Neural network development 1. Efficient signal propagation [e.g. information processing &amp; integration] 2. Robust to noise and failures [e.g. cell or synapse failure] 3. Cost-aware design [e.g.

874 views • 33 slides
Networks Luke Schuler Overview What is an Artificial Neural Network? History

Networks Luke Schuler Overview What is an Artificial Neural Network? History

Artificial Neural Networks Luke Schuler Overview What is an Artificial Neural Network? History Inception Abandonment Resurgence Model Training Applications What is an Artificial Neural Network? An artificial

616 views • 15 slides
FPGgram Diana Valverde Tonye Brown Overview Aim Design Neural Network

FPGgram Diana Valverde Tonye Brown Overview Aim Design Neural Network

FPGgram Diana Valverde Tonye Brown Overview Aim Design Neural Network Structure Hardware Software Results Lesson Learned Aim Our project focuses on using convolutional neural network for image

633 views • 15 slides
Neural networks (Ch. 12) Back-propagation The neural network is as good as it's structure and

Neural networks (Ch. 12) Back-propagation The neural network is as good as it's structure and

Neural networks (Ch. 12) Back-propagation The neural network is as good as it's structure and weights on edges Structure we will ignore (more complex), but there is an automated way to learn weights Whenever a NN incorrectly answer a problem,

1.18k views • 19 slides

More recommend