re reverse eng engine neeri ring ng de deep re relu ne
play

Re Reverse-Eng Engine neeri ring ng De Deep Re ReLU Ne - PowerPoint PPT Presentation

Feb 03, 2024 •98 likes •315 views

Re Reverse-Eng Engine neeri ring ng De Deep Re ReLU Ne Networ orks David Rolnick and Konrad Krding University of Pennsylvania International Conference on Machine Learning (ICML) 2020 Reverse-engineering a neural network Problem:

  1. Re Reverse-Eng Engine neeri ring ng De Deep Re ReLU Ne Networ orks David Rolnick and Konrad Körding University of Pennsylvania International Conference on Machine Learning (ICML) 2020

  2. Reverse-engineering a neural network Problem: Recover network architecture and weights from black-box access. Implications for: • Proprietary networks • Confidential training data • Adversarial attacks 1

  3. Is perfect reverse-engineering possible? What if two networks define exactly the same function? ReLU networks unaffected by: • Permutation: re-labeling neurons/weights in any layer • Scaling: at any neuron, multiplying incoming weights & bias by , multiplying outgoing weights by Our goal: Reverse engineering deep ReLU networks up to permutation & scaling. 2

  4. Related work • Recovering networks with one hidden layer (e.g. Goel & Klivans 2017, Milli et al. 2019, Jagielski et al. 2019, Ge et al. 2019) • Neuroscience, simple circuits in brain (Heggelund 1981) • No algorithm to recover even the first layer of a deep network 3

  5. Linear regions in a ReLU network • Activation function: • Deep ReLU networks are piecewise linear functions: • Linear regions = pieces of on which is constant (Hanin & Rolnick 2019) 4

  6. Boundaries of linear regions 5

  7. Boundaries of linear regions Piecewise linear boundary component for each neuron (Hanin & Rolnick 2019) 6

  8. Main theorem (informal) For a fully connected ReLU network of any depth, suppose that each boundary component is connected and that and intersect for each pair of adjacent neurons and . a) Given the set of linear region boundaries, it is possible to recover the complete structure and weights of the network, up to permutation and scaling, except for a measure-zero set of networks. b) It is possible to approximate the set of linear region boundaries and thus the architecture/weights by querying the network. 7

  9. Main theorem (informal) For a fully connected ReLU network of any depth, suppose that each boundary component is connected and that and intersect for each pair of adjacent neurons and . a) Given the set of linear region boundaries, it is possible to recover the complete structure and weights of the network, up to permutation and scaling, except for a measure-zero set of networks. b) It is possible to approximate the set of linear region boundaries and thus the architecture/weights by querying the network. 8

  10. Part (a), proof intuition Neuron in Layer 1 9

  11. Part (a), proof intuition Neuron in Layer 2 10

  12. Main theorem (informal) For a fully connected ReLU network of any depth, suppose that each boundary component is connected and that and intersect for each pair of adjacent neurons and . a) Given the set of linear region boundaries, it is possible to recover the complete structure and weights of the network, up to permutation and scaling, except for a measure-zero set of networks. b) It is possible to approximate the set of linear region boundaries and thus the architecture/weights by querying the network. 11

  13. Part (b): reconstructing Layer 1 Goal : Approximate boundaries by querying network adaptively Approach: Identify points on the boundary by binary search using 1) Find boundary points along a line 2) Each belongs to some , identify the local hyperplane by regression 3) Test whether is a hyperplane 12

  14. Part (b): reconstructing Layers ≥ 2 1) Start with unused boundary points identified in previous algorithm 2) Explore how bends as it intersects already identified 13

  15. Why don’t we just… …train on the output of the black-box network to recover it? It doesn’t work. …repeat our algorithm for Layer 1 to learn Layer 2? Requires arbitrary inputs to Layer 2, but cannot invert Layer 1. 14

  16. Assumptions of the algorithm Boundary components are connected Þ generally holds unless input dimension small Adjacent neurons have intersecting boundary components Þ failure can result from unavoidable ambiguities in network (beyond permutation and scaling) Note: Algorithm “degrades gracefully” • When assumptions don’t hold exactly, still recovers most of the network 15

  17. More complex networks Convolutional layers • Algorithm still works • Doesn’t account for weight-sharing, so less efficient Skip connections • Algorithm works with modification • Need to consider intersections between more pairs of boundary components 16

  18. Experimental results – Layer 1 algorithm 17

  19. Experimental results – Layer ≥ 2 algorithm 18

  20. Summary • Prove: Can recover architecture, weights, & biases of deep ReLU networks from linear region boundaries (under natural assumptions). • Implement: Algorithm for recovering full network from black-box access by approximating these boundaries. • Demonstrate: Success of our algorithm at reverse-engineering networks in practice. 19

Recommend

Geoengi gine neeri ring f ng for C r Climate te Cha hang nge: Na Natu ture Ha Has A

Geoengi gine neeri ring f ng for C r Climate te Cha hang nge: Na Natu ture Ha Has A

Geoengi gine neeri ring f ng for C r Climate te Cha hang nge: Na Natu ture Ha Has A Already Demon onstrated the d the Pr Proc ocess and Som nd Some Ef Effects Dr. Russ Schnell NOAA Global Monitoring Division 325 Broadway

152 views • 14 slides
Adaptivity of deep ReLU network and its generalization error analysis Taiji Suzuki The

Adaptivity of deep ReLU network and its generalization error analysis Taiji Suzuki The

Adaptivity of deep ReLU network and its generalization error analysis Taiji Suzuki The University of Tokyo Department of Mathematical Informatics AIP-RIKEN 22nd/Feb/2019 The 2nd Korea-Japan Machine Learning Workshop 1 / 50 Deep

1.57k views • 64 slides
Collapse of Deep and Narrow ReLU Neural Nets Lu Lu , Yeonjong Shin, Yanhui Su, George Karniadakis

Collapse of Deep and Narrow ReLU Neural Nets Lu Lu , Yeonjong Shin, Yanhui Su, George Karniadakis

Collapse of Deep and Narrow ReLU Neural Nets Lu Lu , Yeonjong Shin, Yanhui Su, George Karniadakis Division of Applied Mathematics, Brown University Scientific Machine Learning, ICERM January 28, 2019 Lu (Brown) ReLU NN Collapse Scientific ML

589 views • 32 slides
Constructive universal high-dimensional distribution generation through deep ReLU networks Dmytro

Constructive universal high-dimensional distribution generation through deep ReLU networks Dmytro

Constructive universal high-dimensional distribution generation through deep ReLU networks Dmytro Perekrestenko July 2020 joint work with Stephan M uller and Helmut B olcskei Motivation Deep neural networks are widely used as generative

380 views • 17 slides
POLYTECHNI C of BARI FACULTY of ENGI NEERI NG COURSE of DEGREE in ELECTRONI C ENGI NEERI NG

POLYTECHNI C of BARI FACULTY of ENGI NEERI NG COURSE of DEGREE in ELECTRONI C ENGI NEERI NG

POLYTECHNI C of BARI FACULTY of ENGI NEERI NG COURSE of DEGREE in ELECTRONI C ENGI NEERI NG GRADUATION THESIS Bistatic SAR for Earth observation: application of the Dynamic I nversion technique to the orbital and attitude control

760 views • 36 slides
Nonparametric regression using deep neural networks with ReLU activation function Johannes

Nonparametric regression using deep neural networks with ReLU activation function Johannes

Nonparametric regression using deep neural networks with ReLU activation function Johannes Schmidt-Hieber February 2018 Caltech 1 / 20 Many impressive results in applications . . . Lack of theoretical understanding . . . 2 / 20

215 views • 20 slides
Main Result samples 1 , , ReLU Main Theorem 1

Main Result samples 1 , , ReLU Main Theorem 1

A Convergence Theory for Deep Learning via Over-Parameterization Zeyuan Allen-Zhu Yuanzhi Li Zhao Song MSR AI Stanford UT Austin Princeton U of Washington Harvard Main Result samples 1 , , ReLU

309 views • 19 slides
The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro

The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro

The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro Abdelgawad / REcon 2016 line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl The Remote Metamorphic Engine xor eax, 0

683 views • 50 slides
KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh Quynh <aquynh -at- gmail.com> RECON - June 19th, 2016 1 / 48 NGUYEN Anh Quynh KEYSTONE: the last missing framework for Reverse Engineering

731 views • 48 slides
Summary (of part 1) Basic deep networks via iterated logistic regression. Deep network

Summary (of part 1) Basic deep networks via iterated logistic regression. Deep network

Summary (of part 1) Basic deep networks via iterated logistic regression. Deep network terminology: parameters, activations, layers, nodes. Standard choices: biases, ReLU nonlinearity, cross-entropy loss. Basic optimization: magic

640 views • 52 slides
Parameterised Sigmoid and ReLU Hidden Activation Functions for DNN Acoustic Modelling Chao Zhang

Parameterised Sigmoid and ReLU Hidden Activation Functions for DNN Acoustic Modelling Chao Zhang

Parameterised Sigmoid and ReLU Hidden Activation Functions for DNN Acoustic Modelling Chao Zhang & Phil Woodland University of Cambridge 29 April 2015 Introduction The hidden activation function plays an important role in deep

744 views • 13 slides
Reverse Mathematics and Commutative Ring Theory Takeshi Yamazaki Mathematical Institute, Tohoku

Reverse Mathematics and Commutative Ring Theory Takeshi Yamazaki Mathematical Institute, Tohoku

Reverse Mathematics and Commutative Ring Theory Takeshi Yamazaki Mathematical Institute, Tohoku University Computability Theory and Foundations of Mathematics Tokyo Institute of Technology, February 18 - 20, 2013 Outline of this talk: 1. What

745 views • 15 slides
All That Glisters Is Not Convnets: Hybrid Architectures For Faster, Better Solvers Prof Tom

All That Glisters Is Not Convnets: Hybrid Architectures For Faster, Better Solvers Prof Tom

All That Glisters Is Not Convnets: Hybrid Architectures For Faster, Better Solvers Prof Tom Drummond Image classification network structure #classes Conv+RELU Conv+ Conv+RELU Reshape FC+RELU FC+Softmax Downsample Feature detection

493 views • 30 slides
TIME/ACCURACY TRADEOFFS FOR LEARNING A RELU WITH RESPECT TO GAUSSIAN MARGINALS Surbhi Goel

TIME/ACCURACY TRADEOFFS FOR LEARNING A RELU WITH RESPECT TO GAUSSIAN MARGINALS Surbhi Goel

TIME/ACCURACY TRADEOFFS FOR LEARNING A RELU WITH RESPECT TO GAUSSIAN MARGINALS Surbhi Goel Sushrut Karmalkar Adam Klivans The University of Texas at Austin 1 WHAT IS RELU REGRESSION? Given : Samples drawn from distribution

372 views • 21 slides
Small ReLU networks are powerful memorizers: a tight analysis of memorization capacity Chulhee

Small ReLU networks are powerful memorizers: a tight analysis of memorization capacity Chulhee

Small ReLU networks are powerful memorizers: a tight analysis of memorization capacity Chulhee Yun, Suvrit Sra, Ali Jadbabaie Laboratory for Information and Decision Systems, MIT Given a ReLU fully-connected network, how many hidden nodes

670 views • 19 slides
Proc ocess ss Engine gineering ring S.r.l. Made in in Proces ess Made in in Italy www

Proc ocess ss Engine gineering ring S.r.l. Made in in Proces ess Made in in Italy www

Proc ocess ss Engine gineering ring S.r.l. Made in in Proces ess Made in in Italy www www.pe pe-proce rocess.com com << Company Presentation >> 1. Activity 2. Made in Process 3. Process Equipment 4. Machinery

472 views • 25 slides
ReLu and Maxout Networks and Their Possible Connections to Tropical Methods J org Zimmermann,

ReLu and Maxout Networks and Their Possible Connections to Tropical Methods J org Zimmermann,

ReLu and Maxout Networks and Their Possible Connections to Tropical Methods J org Zimmermann, AG Weber Institute of Computer Science University of Bonn, Germany 1 J org Zimmermann: ReLu and Maxout Networks and Their Possible Connections

542 views • 16 slides
CUDA NEW FEATURES AND BEYOND Stephen Jones, GTC 2019 A QUICK LOOK BACK This Time Last Year...

CUDA NEW FEATURES AND BEYOND Stephen Jones, GTC 2019 A QUICK LOOK BACK This Time Last Year...

CUDA NEW FEATURES AND BEYOND Stephen Jones, GTC 2019 A QUICK LOOK BACK This Time Last Year... 3x3 ReLU convolution 5x5 input ReLU concat convolution max 1x1 ReLU pool convolution DGX-2 + Unified Memory Asynchronous Task Graphs

746 views • 73 slides
Deep Representation: Building a Semantic Image Search Engine Emmanuel Ameisen PINTEREST SEARCH

Deep Representation: Building a Semantic Image Search Engine Emmanuel Ameisen PINTEREST SEARCH

Deep Representation: Building a Semantic Image Search Engine Emmanuel Ameisen PINTEREST SEARCH IMAGE SEARCH ENGINE IMAGE TAGGING thenextweb.com BACKGROUND Why am I speaking about this? ABOUT INSIGHT 7-Week Fellowship in TORONTO

967 views • 59 slides
Compressing DMA Engine: Leveraging Activation Sparsity For Training Deep Neural Networks Minsoo

Compressing DMA Engine: Leveraging Activation Sparsity For Training Deep Neural Networks Minsoo

(C) Minsoo Rhu 1 Compressing DMA Engine: Leveraging Activation Sparsity For Training Deep Neural Networks Minsoo Rhu , Mike OConnor * , Niladrish Chatterjee * , Jeff Pool * , Youngeun Kwon , and Stephen W. Keckler * POSTECH and

2.04k views • 66 slides
On-line learning in neural networks with ReLU activation Michiel Straat September 19, 2018 1 /

On-line learning in neural networks with ReLU activation Michiel Straat September 19, 2018 1 /

On-line learning in neural networks with ReLU activation On-line learning in neural networks with ReLU activation Michiel Straat September 19, 2018 1 / 51 On-line learning in neural networks with ReLU activation Overview 1 Statistical physics

913 views • 51 slides
Deep Learning Barun Patra Index Convolutional Networks Introduction to Neural Nets

Deep Learning Barun Patra Index Convolutional Networks Introduction to Neural Nets

Deep Learning Barun Patra Index Convolutional Networks Introduction to Neural Nets Inspiration Activations Kernels Sigmoid Idea Tanh As used in NLP Relu (Derivatives) Paper Discussion

806 views • 46 slides
NAVIMEC DIESEL ENGINE REPAIR AND MAINTENANCE - About Us - Services - Contacts About the

NAVIMEC DIESEL ENGINE REPAIR AND MAINTENANCE - About Us - Services - Contacts About the

NAVIMEC DIESEL ENGINE REPAIR AND MAINTENANCE - About Us - Services - Contacts About the Company For years now our company consists of a team of mechanical engineers and experts who know how to handle any engine problems. We have deep

288 views • 16 slides
CS 4803 / 7643: Deep Learning Topics: Backpropagation Vector/Matrix/Tensor math

CS 4803 / 7643: Deep Learning Topics: Backpropagation Vector/Matrix/Tensor math

CS 4803 / 7643: Deep Learning Topics: Backpropagation Vector/Matrix/Tensor math Deriving vectorized gradients for ReLU Zsolt Kira Georgia Tech Administrivia PS1/HW1 out Start thinking about project topics/teams (C)

482 views • 21 slides

More recommend