robustness and geometry of deep neural networks
play

Robustness and geometry of deep neural networks Alhussein Fawzi - PowerPoint PPT Presentation

Feb 26, 2024 •104 likes •809 views

Robustness and geometry of deep neural networks Alhussein Fawzi DeepMind May 23rd 2019 The Mathematics of Deep Learning and Data Science University of Cambridge 1 Recent advances in machine learning Error rate (%) He et., al., Delving

  1. Robustness and geometry of deep neural networks Alhussein Fawzi DeepMind May 23rd 2019 The Mathematics of Deep Learning and Data Science University of Cambridge 1

  2. Recent advances in machine learning Error rate (%) He et., al., “Delving Deep into Rectifiers: Surpassing Human-Level Performance on ImageNet Classification” , 2015 2 Karpathy et., al, “Automated Image Captioning with ConvNets and Recurrent Nets” LeCun et. al.,, “Deep Learning” , 2015 DeepMind https://deepmind.com/research/alphago/

  3. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. 3

  4. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. Lampshade 3

  5. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. Perturbation Lampshade 3

  6. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. Perturbation Lampshade 3

  7. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. Perturbation f Lampshade 3

  8. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. Perturbation f Lampshade? Lampshade 3

  9. Robustness of classifiers to perturbations In real world environments, images undergo perturbations. Perturbation f Lampshade? Lampshade Broad range of perturbations Adversarial perturbations [Szegedy et. al. ICLR 2014], [Biggio et. al., PKDD 2013], ... Random noise [Fawzi et. al., NIPS 2016], [Franceschi et. al., AISTATS 2018] Structured nuisances (geometric transformations [Bruna et. al., TPAMI 2013], [Jaderberg et. al., NIPS 2015] , occlusions [Sharif et. al., CCS 2016] , etc...). 3

  10. Robustness of classifiers to perturbations (Cont’d) Safety of machine learning systems ? 4

  11. Robustness of classifiers to perturbations (Cont’d) Safety of machine learning systems ? Better understanding of the geometry of state-of-the-art classifiers. Class 2 Class 1 4

  12. Talk outline 1 Fooling classifiers is easy: vulnerability to different perturbations. 2 Improving the robustness (i.e., “defending”) is difficult. 3 Geometric analysis of a successful defense: adversarial training. 5

  13. Adversarial perturbations State-of-the-art deep neural networks have been shown to be surprisingly unstable to adversarial perturbations. 6

  14. Adversarial perturbations State-of-the-art deep neural networks have been shown to be surprisingly unstable to adversarial perturbations. School bus 6

  15. Adversarial perturbations State-of-the-art deep neural networks have been shown to be surprisingly unstable to adversarial perturbations. School bus Ostrich 6

  16. Adversarial perturbations State-of-the-art deep neural networks have been shown to be surprisingly unstable to adversarial perturbations. School bus Perturbation Ostrich Figure from [Szegedy et. al., ICLR 2014]. 6

  17. Adversarial perturbations State-of-the-art deep neural networks have been shown to be surprisingly unstable to adversarial perturbations. School bus Perturbation Ostrich Figure from [Szegedy et. al., ICLR 2014]. Adversarial examples are found by seeking the minimal perturbation (in the ℓ 2 sense) that switches the label of the classifier. 6

  18. Adversarial perturbations Robustness to adversarial noise r ∗ ( ) x x r ∗ ( x ) = min � r � 2 subject to f ( x + r ) � = f ( x ) . r 7

  19. Other types of adversarial perturbations Universal perturbations [Moosavi-Dezfooli et. al., 2017] C h ihuah u a Joyst i ck L a b r a d o r Flagpole T e B all o on r r i e r Geometric transformations [Fawzi et. al., 2015, Moosavi-Dezfooli et. al., 2018, Xiao et al., 2018] 8

  20. Finding adversarial perturbations is easy... http://robust.vision 9

  21. ... but designing defense mechanisms is hard! Despite the huge number of proposed defenses, state-of-the-art classifiers are still vulnerable to small perturbations. 10

  22. ... but designing defense mechanisms is hard! Despite the huge number of proposed defenses, state-of-the-art classifiers are still vulnerable to small perturbations. 10

  23. ... but designing defense mechanisms is hard! Despite the huge number of proposed defenses, state-of-the-art classifiers are still vulnerable to small perturbations. 10

  24. ... but designing defense mechanisms is hard! Despite the huge number of proposed defenses, state-of-the-art classifiers are still vulnerable to small perturbations. 10

  25. Adversarial training 11

  26. Adversarial training Adversarial accuracy (CIFAR-10): 11

  27. Adversarial training Adversarial accuracy (CIFAR-10): [Madry et. al., 2017] 11

  28. Adversarial training Adversarial accuracy (CIFAR-10): [Madry et. al., 2017] Adversarial training leads to state-of-the art robustness to adversarial perturbations. 11

  29. Adversarial training Adversarial accuracy (CIFAR-10): [Madry et. al., 2017] Adversarial training leads to state-of-the art robustness to adversarial perturbations. But what does it actually do? 11

  30. Decision boundaries Adv. direction Random direction 12

  31. Decision boundaries Adv. direction Normal training Random direction 12

  32. Decision boundaries Adv. direction Normal training Adversarial training Random direction 12

  33. Decision boundaries Adv. direction Normal training Adversarial training Random direction After adversarial training, the decision boundaries are flatter and more regular. 12

  34. Effect of adversarial training on loss landscape Logit Label 13

  35. Effect of adversarial training on loss landscape Logit Label Before adv. fine-tuning 13

  36. Effect of adversarial training on loss landscape Logit Label Before adv. fine-tuning After adv. fine-tuning 13

  37. Effect of adversarial training on loss landscape (Cont’d) 14

  38. Quantitative analysis: curvature decrease with adversarial training We compute the Hessian matrix at a test point x with respect to inputs . � ∂ 2 ℓ � H = ∂ x i ∂ x j The eigenvalues of H are the curvature of ℓ in the vicinity of x . 15

  39. Quantitative analysis: curvature decrease with adversarial training We compute the Hessian matrix at a test point x with respect to inputs . � ∂ 2 ℓ � H = ∂ x i ∂ x j The eigenvalues of H are the curvature of ℓ in the vicinity of x . Eigenvalue profile Original Adversarial 1.5 1.0 Value 0.5 0.0 -0.5 0 500 1000 1500 2000 2500 3000 Eigenvalue number 15

  40. Quantitative analysis: curvature decrease with adversarial training We compute the Hessian matrix at a test point x with respect to inputs . � ∂ 2 ℓ � H = ∂ x i ∂ x j The eigenvalues of H are the curvature of ℓ in the vicinity of x . Eigenvalue profile Original Adversarial 1.5 1.0 Value 0.5 0.0 -0.5 0 500 1000 1500 2000 2500 3000 Eigenvalue number 15

  41. Relation between curvature and robustness Locally quadratic approximation of the loss function 16

  42. Relation between curvature and robustness Locally quadratic approximation of the loss function We derive upper and lower bounds on the minimal perturbation required to fool a classifier. 16

  43. Relation between curvature and robustness Locally quadratic approximation of the loss function We derive upper and lower bounds on the minimal perturbation required to fool a classifier. Threshold 16

  44. Relation between curvature and robustness Locally quadratic approximation of the loss function We derive upper and lower bounds on the minimal perturbation required to fool a classifier. Threshold 16

  45. Relation between curvature and robustness Locally quadratic approximation of the loss function We derive upper and lower bounds on the minimal perturbation required to fool a classifier. Threshold 16

  46. Relation between curvature and robustness Locally quadratic approximation of the loss function We derive upper and lower bounds on the minimal perturbation required to fool a classifier. Threshold 16

  47. Relation between curvature and robustness Locally quadratic approximation of the loss function We derive upper and lower bounds on the minimal perturbation required to fool a classifier. Threshold Robustness Upper bound Lower bound Curvature 16

  48. How important is the curvature decrease? Is the curvature decrease the main effect of adversarial training leading to improved robustness? 17

  49. How important is the curvature decrease? Is the curvature decrease the main effect of adversarial training leading to improved robustness? → we regularize explicitly for the curvature. 17

  50. How important is the curvature decrease? Is the curvature decrease the main effect of adversarial training leading to improved robustness? → we regularize explicitly for the curvature. Idea: Regularize the norm of the Hessian of the loss wrt inputs. 17

  51. How important is the curvature decrease? Is the curvature decrease the main effect of adversarial training leading to improved robustness? → we regularize explicitly for the curvature. Idea: Regularize the norm of the Hessian of the loss wrt inputs. Use Hutichinson’s estimator � � Hz � 2 � H � F = E 2 z ∼N (0 , I ) 17

Recommend

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ?

1.14k views • 26 slides
Deep Learning with Neural Networks The Structure and Optimization of Deep Neural Networks Allan

Deep Learning with Neural Networks The Structure and Optimization of Deep Neural Networks Allan

Deep Learning with Neural Networks The Structure and Optimization of Deep Neural Networks Allan Zelener Machine Learning Reading Group January 7 th 2016 The Graduate Center, CUNY Objectives Explain some of the trends of deep learning and

680 views • 44 slides
Introduction to Deep Neural Networks 0. Logistics Spring 2020 1 Neural Networks are taking

Introduction to Deep Neural Networks 0. Logistics Spring 2020 1 Neural Networks are taking

Introduction to Deep Neural Networks 0. Logistics Spring 2020 1 Neural Networks are taking over! Neural networks have become one of the major thrust areas recently in various pattern recognition, prediction, and analysis problems In

987 views • 40 slides
Visualizing and Interpreting Deep Neural Networks Bolei Zhou Department of Information

Visualizing and Interpreting Deep Neural Networks Bolei Zhou Department of Information

Visualizing and Interpreting Deep Neural Networks Bolei Zhou Department of Information Engineering The Chinese University of Hong Kong Deep Neural Networks are Everywhere Playing Go Making Medical Decision Understanding Scenes Deep Neural

1.1k views • 46 slides
On the Expressive Power of Deep Neural Networks Maithra Raghu, Ben Poole, Jon Kleinberg, Surya

On the Expressive Power of Deep Neural Networks Maithra Raghu, Ben Poole, Jon Kleinberg, Surya

On the Expressive Power of Deep Neural Networks Maithra Raghu, Ben Poole, Jon Kleinberg, Surya Ganguli, Jascha Sohl Dickstein Tom Brady Deep Neural Networks Recent successes in using Deep neural networks for image classification,

1.32k views • 17 slides
Outline Evolution of neurocomputing Artificial neural networks Feed forward

Outline Evolution of neurocomputing Artificial neural networks Feed forward

Introduction to Neural Networks and Deep Learning Ling Guan References: S. Haykin, Neural Networks , 2 nd Edition, New Jersey: Prentice Hall, 1. 2004. C. M. Bishop, Neural Networks for Pattern Re cognition, New York: 2. Oxford University

451 views • 17 slides
Towards Evaluating the Robustness of Neural Networks Nicholas Carlini and David Wagner

Towards Evaluating the Robustness of Neural Networks Nicholas Carlini and David Wagner

Towards Evaluating the Robustness of Neural Networks Nicholas Carlini and David Wagner University of California, Berkeley Background A neural network is a function with trainable parameters that learns a given mapping Given an image,

590 views • 58 slides
Introduction to Artificial Intelligence Neural Networks - Deep Learning for NLP Janyl Jumadinova

Introduction to Artificial Intelligence Neural Networks - Deep Learning for NLP Janyl Jumadinova

Introduction to Artificial Intelligence Neural Networks - Deep Learning for NLP Janyl Jumadinova November 21, 2016 Neural Networks 2/20 Neural Networks 3/20 Neural Networks Neural computing requires a number of neurons , to be connected

813 views • 21 slides
Optimizing Deep Neural Networks Leena Chennuru Vankadara 26-10-2015 Table of Contents Neural

Optimizing Deep Neural Networks Leena Chennuru Vankadara 26-10-2015 Table of Contents Neural

Optimizing Deep Neural Networks Leena Chennuru Vankadara 26-10-2015 Table of Contents Neural Networks and loss surfaces Problems of Deep Architectures Optimization in Neural Networks Under fitting Proliferation of Saddle

1.67k views • 41 slides
Deep Neural Networks and Molecular Dynamics Roberto Car Princeton University MAX Conference

Deep Neural Networks and Molecular Dynamics Roberto Car Princeton University MAX Conference

Deep Neural Networks and Molecular Dynamics Roberto Car Princeton University MAX Conference ICTP, Trieste, Jan 29-31 2018 Deep Neural Networks When properly trained, deep NN are capable of learning the complex functional dependence of

442 views • 17 slides
CS7015 (Deep Learning) : Lecture 13 Visualizing Convolutional Neural Networks, Guided

CS7015 (Deep Learning) : Lecture 13 Visualizing Convolutional Neural Networks, Guided

CS7015 (Deep Learning) : Lecture 13 Visualizing Convolutional Neural Networks, Guided Backpropagation, Deep Dream, Deep Art, Fooling Convolutional Neural Networks Mitesh M. Khapra Department of Computer Science and Engineering Indian Institute

1.07k views • 72 slides
Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and

Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and

Deep Neural Networks and Deep Reinforcement Learning Deep Neural Networks and Deep Reinforcement Learning Deep Learning, Goodfellow, Bengio and Courville [chapt. 6,7,8]; AIMA [sect. 21.1-21.3]; Sutton and Barto, Reinforcement Learning: an

527 views • 35 slides
Propagating Error Backward Hyperparameters for Neural Networks } Multi-layer (deep) neural

Propagating Error Backward Hyperparameters for Neural Networks } Multi-layer (deep) neural

Learning in Neural Networks w 1,3 w 3,5 1 3 5 w w 1,4 3,6 w w 2,3 4,5 2 4 6 w w 2,4 4,6 Class #18: Back-Propagation; } A neural network can learn a classification function by Tuning Hyper-Parameters adjusting its weights to

259 views • 4 slides
Deep Neural Networks Reveal a Gradient in the Complexity of Neural Representations across the

Deep Neural Networks Reveal a Gradient in the Complexity of Neural Representations across the

Deep Neural Networks Reveal a Gradient in the Complexity of Neural Representations across the Ventral Stream Umut Gcl and Marcel A. J. van Gerven Article overview by Ilya Kuzovkin Computational Neuroscience Seminar University of Tartu

852 views • 63 slides
Recurrent Neural Networks Deep neural networks have enabled major advances in machine learning

Recurrent Neural Networks Deep neural networks have enabled major advances in machine learning

Recurrent Neural Networks Deep neural networks have enabled major advances in machine learning and AI y t-1 y t y t+1 Computer vision h t-1 h t h t+1 Language translation Speech recognition h t-1 h t h t+1 Question answering x t-1 x t x t+1

454 views • 43 slides
Concise Introduction to Deep Neural Networks Outline: Classification problems Motivating

Concise Introduction to Deep Neural Networks Outline: Classification problems Motivating

Concise Introduction to Deep Neural Networks Outline: Classification problems Motivating Deep (large) Neural Network (DNN) classifiers Neurons and DNN architectures Numerical training of DNNs (supervised deep learning) Spiking

630 views • 33 slides
ICASSP 2017 Tutorial on Methods for Interpreting and Understanding Deep Neural Networks G.

ICASSP 2017 Tutorial on Methods for Interpreting and Understanding Deep Neural Networks G.

ICASSP 2017 Tutorial on Methods for Interpreting and Understanding Deep Neural Networks G. Montavon, W. Samek, K.-R. Mller Part 2: Making Deep Neural Networks Transparent 5 March 2017 Making Deep Neural Nets Transparent DNN transparency

448 views • 44 slides
Deep Neural Networks CMSC 422 M ARINE C ARPUAT marine@cs.umd.edu Deep learning slides credit:

Deep Neural Networks CMSC 422 M ARINE C ARPUAT marine@cs.umd.edu Deep learning slides credit:

Deep Neural Networks CMSC 422 M ARINE C ARPUAT marine@cs.umd.edu Deep learning slides credit: Vlad Morariu Training (Deep) Neural Networks Computational graphs Improvements to gradient descent Stochastic gradient descent Momentum

814 views • 21 slides
POPQORN: Quantifying Robustness of Recurrent Neural Networks Ching-Yun Ko *^, Zhaoyang Lyu *,

POPQORN: Quantifying Robustness of Recurrent Neural Networks Ching-Yun Ko *^, Zhaoyang Lyu *,

1 POPQORN: Quantifying Robustness of Recurrent Neural Networks Ching-Yun Ko *^, Zhaoyang Lyu *, Tsui-Wei Weng, Luca Daniel, Ngai Wong, Dahua Lin * Equal Contribution ^ Presenter A joint research by arXiv: https://arxiv.org/abs/1905.07387

305 views • 16 slides
6. Convolutional Neural Networks CS 535 Deep Learning, Winter 2018 Fuxin Li With materials from

6. Convolutional Neural Networks CS 535 Deep Learning, Winter 2018 Fuxin Li With materials from

6. Convolutional Neural Networks CS 535 Deep Learning, Winter 2018 Fuxin Li With materials from Zsolt Kira Quiz coming up Next Monday (2/5) 30 minutes Topics: Optimization Basic neural networks Neural Network

619 views • 41 slides
DEEP NEURAL NETWORKS FOR OBJECT DETECTION Sergey Nikolenko Steklov Institute of Mathematics at

DEEP NEURAL NETWORKS FOR OBJECT DETECTION Sergey Nikolenko Steklov Institute of Mathematics at

DEEP NEURAL NETWORKS FOR OBJECT DETECTION Sergey Nikolenko Steklov Institute of Mathematics at St. Petersburg October 10, 2017, Seoul, Korea Outline Birds eye overview of deep learning Convolutional neural networks Chris

743 views • 32 slides
Weight Parameterizations in Deep Neural Networks Sergey Zagoruyko e Paris-Est, Universit

Weight Parameterizations in Deep Neural Networks Sergey Zagoruyko e Paris-Est, Universit

Weight Parameterizations in Deep Neural Networks Weight Parameterizations in Deep Neural Networks Sergey Zagoruyko e Paris-Est, Universit Ecole des Ponts ParisTech December 26, 2017 Weight Parameterizations in Deep Neural Networks

1.05k views • 45 slides
CS480/680 Lecture 15: June 26, 2019 Deep Neural Networks [GBC] Chap. 6, 7, 8 University of

CS480/680 Lecture 15: June 26, 2019 Deep Neural Networks [GBC] Chap. 6, 7, 8 University of

CS480/680 Lecture 15: June 26, 2019 Deep Neural Networks [GBC] Chap. 6, 7, 8 University of Waterloo CS480/680 Spring 2019 Pascal Poupart 1 Outline Deep Neural Networks Gradient Vanishing Rectified linear units Overfitting

941 views • 25 slides

More recommend